General

  • Target

    050b0dffc7ba47d9ca02935af4c7822ed846c2c5757e15cc695cf26d769837f0N

  • Size

    96KB

  • Sample

    241110-ttbf8stmbm

  • MD5

    08848767aeb746cfb978d784a3177b20

  • SHA1

    1194b24fd0d3dda8963fa7865be6e10e5912114a

  • SHA256

    050b0dffc7ba47d9ca02935af4c7822ed846c2c5757e15cc695cf26d769837f0

  • SHA512

    bc3f2456641ac94c2fc3323115e8db4e1e158dcde60e29e490f2d57223dfa4dd01bc42f5f3838de676537a49bb55db2e553823ebb551965d7e14e199d4c3715f

  • SSDEEP

    1536:vasOoslphwB+yZJntDgw+vuHjV+8HkUaYe/XSxOukWaAjWbjtKBvU:ysfsJwJZdHIq5aYe/X8PkWVwtCU

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
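The hashes in the General section and the three C2 URLs above are the indicators a responder can act on directly. The following Python script is an added example, not part of the sandbox report or of the Berbew sample: it hashes a file against the report's MD5/SHA1/SHA256/SHA512 values, and it scans web-proxy log lines for the C2 paths, expanding the printf-style format string in the piplog.php URL (`%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d`) into a regular expression for the beacon layout. Assumptions: the log line format (`timestamp client method url status`) is constructed for this example; the `%s` fields are assumed to contain no colons and the three trailing `%02d` fields to be exactly two digits; the hostname is ignored on purpose, because the extracted config only shows `f` as the host.

```python
"""IOC helpers built from the indicators listed in this report (added example)."""
import hashlib
import re

# Hashes exactly as listed in the report's General section.
BERBEW_HASHES = {
    "md5": "08848767aeb746cfb978d784a3177b20",
    "sha1": "1194b24fd0d3dda8963fa7865be6e10e5912114a",
    "sha256": "050b0dffc7ba47d9ca02935af4c7822ed846c2c5757e15cc695cf26d769837f0",
    "sha512": "bc3f2456641ac94c2fc3323115e8db4e1e158dcde60e29e490f2d57223dfa4dd"
              "01bc42f5f3838de676537a49bb55db2e553823ebb551965d7e14e199d4c3715f",
}

# URL paths from the extracted C2 config (host deliberately not matched).
C2_PATHS = ("/wcmd.htm", "/ppslog.php", "/piplog.php")

# Expansion of the format string "%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d":
#   %s   -> any run of non-colon characters (assumption: no colons in the strings)
#   %i   -> optionally signed integer
#   %09u -> exactly nine digits (zero padded)
#   %02d -> two digits (assumption: values below 100)
PIPLOG_RE = re.compile(
    r"/piplog\.php\?"
    r"(?P<f1>[^:\s]+):(?P<f2>-?\d+):(?P<f3>-?\d+):(?P<f4>[^:\s]+):"
    r"(?P<f5>\d{9}):(?P<f6>-?\d+):(?P<f7>\d{2}):(?P<f8>\d{2}):(?P<f9>\d{2})(?!\d)"
)


def hash_bytes(data: bytes) -> dict:
    """Compute the four digests the report lists for an in-memory buffer."""
    return {name: hashlib.new(name, data).hexdigest() for name in BERBEW_HASHES}


def matches_report(data: bytes) -> list:
    """Names of the report's hashes that match `data`; empty list means no match."""
    digests = hash_bytes(data)
    return [name for name, value in BERBEW_HASHES.items() if digests[name] == value]


def check_file(path: str) -> list:
    """Hash a file on disk and compare it with the report's indicators."""
    with open(path, "rb") as fh:
        return matches_report(fh.read())


def classify_url(url: str):
    """Return the C2 rule a URL matches, or None.

    'piplog-format' requires the full nine-field beacon layout; the other
    rules are path-only and will be noisier (wcmd.htm is a generic name).
    """
    if PIPLOG_RE.search(url):
        return "piplog-format"
    path = url.split("?", 1)[0]
    for c2_path in C2_PATHS:
        if path.endswith(c2_path):
            return "path:" + c2_path
    return None


def scan_log(lines) -> list:
    """Scan log lines and return (line_number, rule, url) for every C2 hit."""
    hits = []
    for number, line in enumerate(lines, 1):
        for token in line.split():
            if token.startswith(("http://", "https://")):
                rule = classify_url(token)
                if rule:
                    hits.append((number, rule, token))
    return hits


# Constructed sample log lines (not real traffic); field values are invented.
SAMPLE_LOG = [
    "2024-11-10T15:01:02Z 10.0.0.12 GET http://f/wcmd.htm 200",
    "2024-11-10T15:01:05Z 10.0.0.12 GET "
    "http://f/piplog.php?HOSTNAME:1:2:WORKGROUP:000123456:7:10:11:12 200",
    "2024-11-10T15:02:00Z 10.0.0.33 GET http://intranet.example/docs/index.htm 200",
    "2024-11-10T15:02:30Z 10.0.0.12 POST http://f/ppslog.php 200",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

In practice the hash check is the high-confidence indicator for this exact build, while the path-based rules only narrow the search; the full piplog.php beacon pattern is the one worth alerting on, because the nine colon-separated fields with a fixed nine-digit field are unlikely in benign traffic.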

Targets

    • Target

      050b0dffc7ba47d9ca02935af4c7822ed846c2c5757e15cc695cf26d769837f0N

    • Size

      96KB

    • MD5

      08848767aeb746cfb978d784a3177b20

    • SHA1

      1194b24fd0d3dda8963fa7865be6e10e5912114a

    • SHA256

      050b0dffc7ba47d9ca02935af4c7822ed846c2c5757e15cc695cf26d769837f0

    • SHA512

      bc3f2456641ac94c2fc3323115e8db4e1e158dcde60e29e490f2d57223dfa4dd01bc42f5f3838de676537a49bb55db2e553823ebb551965d7e14e199d4c3715f

    • SSDEEP

      1536:vasOoslphwB+yZJntDgw+vuHjV+8HkUaYe/XSxOukWaAjWbjtKBvU:ysfsJwJZdHIq5aYe/X8PkWVwtCU

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
