General

  • Target

    e530fb936ded7d473eb35d4b5d76ae48489cd68c394cf50b3d299f4a4d2bd883N

  • Size

    92KB

  • Sample

    241110-tlpc5azkfw

  • MD5

    ed2832b902366a8a3f07a03c9c65acb0

  • SHA1

    4a8374ba91db494012d5787422f94de8b0e75565

  • SHA256

    e530fb936ded7d473eb35d4b5d76ae48489cd68c394cf50b3d299f4a4d2bd883

  • SHA512

    d5f01ecf6e9a10873df525f25db75466647e05fc24cf36a07d47045349d92c183d13c2cfe82ce7183eedc0933718aa6d6c9f07e9f4f6f2e49be2e6be7029b847

  • SSDEEP

    1536:0SIhWZc+Qb9QBYZ1LynpaOnw8aU5hPMS6bVCzOGkTnseNIY0p2YYxL:0SIUZc+2CYZ1Lyptw81HybVCzkTseS5u

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      e530fb936ded7d473eb35d4b5d76ae48489cd68c394cf50b3d299f4a4d2bd883N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks