General

  • Target

    965cb64e911d204479d1d8b7851bd8b5709c53acb841a72658cd535441134e84N

  • Size

    320KB

  • Sample

    241110-t5ps1a1akq

  • MD5

    cb77a68671ad7ef7acdb8a8fe8dd5e50

  • SHA1

    99f4d53edca3e614bf787630a9548dfa05d703c6

  • SHA256

    965cb64e911d204479d1d8b7851bd8b5709c53acb841a72658cd535441134e84

  • SHA512

    b53ba9fcd5adc00a2f40c3fe61900532bd27d0102ba7118a4757db44ad7cd34af976adf75a3977cac56b96c058b6e700bd7b2773ec3c9dceb573703200685ed8

  • SSDEEP

    3072:kmz2/FvRqaiamQm74zGYJpD9r8XxrYnQg4sIgQxzjGG1wsKmOH6ipNik0O:125te7iGyZ6YugQdjGG1wsKm06D4

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      965cb64e911d204479d1d8b7851bd8b5709c53acb841a72658cd535441134e84N

    • Size

      320KB

    • MD5

      cb77a68671ad7ef7acdb8a8fe8dd5e50

    • SHA1

      99f4d53edca3e614bf787630a9548dfa05d703c6

    • SHA256

      965cb64e911d204479d1d8b7851bd8b5709c53acb841a72658cd535441134e84

    • SHA512

      b53ba9fcd5adc00a2f40c3fe61900532bd27d0102ba7118a4757db44ad7cd34af976adf75a3977cac56b96c058b6e700bd7b2773ec3c9dceb573703200685ed8

    • SSDEEP

      3072:kmz2/FvRqaiamQm74zGYJpD9r8XxrYnQg4sIgQxzjGG1wsKmOH6ipNik0O:125te7iGyZ6YugQdjGG1wsKm06D4

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks