General

  • Target: 2b4203bd299ae08fbfa668650ddf0ba5a65e1e2576332711ccf6d14d3eaccde7N
  • Size: 290KB
  • Sample: 241110-twcr3szgrp
  • MD5: 85461207a376572cde94939307318bf0
  • SHA1: 9703435e79f6f2eb65ae4612f4c37dc6854d7dc2
  • SHA256: 2b4203bd299ae08fbfa668650ddf0ba5a65e1e2576332711ccf6d14d3eaccde7
  • SHA512: b43204e3da0f43d75bc9d8e238d036d4f28977a8210cd1713fc4cafa17ca0133965a52c760af7a9f0287f9e74fdb1bb2eeb7308a3aeba0b0b3712301b73dc9cf
  • SSDEEP: 6144:U3FtAV+gHadBUmKyIxLDXXoq9FJZCUmKyIxL:0FtAVIv32XXf9Do3

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 2b4203bd299ae08fbfa668650ddf0ba5a65e1e2576332711ccf6d14d3eaccde7N
    • Size: 290KB
    • MD5: 85461207a376572cde94939307318bf0
    • SHA1: 9703435e79f6f2eb65ae4612f4c37dc6854d7dc2
    • SHA256: 2b4203bd299ae08fbfa668650ddf0ba5a65e1e2576332711ccf6d14d3eaccde7
    • SHA512: b43204e3da0f43d75bc9d8e238d036d4f28977a8210cd1713fc4cafa17ca0133965a52c760af7a9f0287f9e74fdb1bb2eeb7308a3aeba0b0b3712301b73dc9cf
    • SSDEEP: 6144:U3FtAV+gHadBUmKyIxLDXXoq9FJZCUmKyIxL:0FtAVIv32XXf9Do3

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks