General

  • Target

    aae32a4a4cb57bb8bd2bc083af707e04510d6bf1ff64696361b8e46a18f64363N

  • Size

    128KB

  • Sample

    241110-tzs88s1brb

  • MD5

    bcc51d0fe456e99885e26baeceadbc30

  • SHA1

    3923083773012f06c6c24286f85838329f203743

  • SHA256

    aae32a4a4cb57bb8bd2bc083af707e04510d6bf1ff64696361b8e46a18f64363

  • SHA512

    c62fd78cadcf0a5a84672aacfed395d8ee9193b009a23f877183525ec8e30c00f3942ae38d6006e880bdc7026e11a6846784e783188f2980345daa1492544f04

  • SSDEEP

    3072:DebTyzBu+hC0WzTw/DN708uFafmHURHAVgnvedh6:DePcBuR0seDN708uF8YU8gnve7

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
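The three C2 entries above come straight out of the extracted config, and the last one is still a printf-style template (`%s`, `%i`, `%09u`, `%02d`) that the backdoor fills in at runtime, so it cannot be matched as a literal string. The host component is the single character `f` in all three entries, so the usable indicator is the path and query shape, not the host. The following is an added example (not code from the page or from the sandbox vendor) that turns each config URL into a regex and runs it over a handful of constructed proxy-log lines; the log format (timestamp, client, method, URL, status), the `203.0.113.7` host and the assumption that a `%s` field never contains the `:` separator are all mine:

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted Berbew config on this page.
BERBEW_C2_URLS = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf directive: optional '0' flag, optional width, conversion letter.
_DIRECTIVE = re.compile(r"%(0?)(\d*)([sidu])")


def fmt_to_regex(fmt: str) -> str:
    """Translate a printf-style template into an unanchored regex fragment.

    %s  -> one or more chars that are not ':' or whitespace (assumption:
           the fields are ':'-separated, so a %s value cannot contain ':')
    %i/%d -> optional sign plus digits;  %u -> digits only
    A width (e.g. %09u, %02d) becomes a minimum digit count, because printf
    pads to the width but does not truncate longer values.
    """
    out, pos = [], 0
    for m in _DIRECTIVE.finditer(fmt):
        out.append(re.escape(fmt[pos:m.start()]))   # literal text before %
        _zero_flag, width, conv = m.groups()
        if conv == "s":
            out.append(r"[^:\s]+")
        else:
            digits = r"\d{%s,}" % width if width else r"\d+"
            out.append(("" if conv == "u" else "-?") + digits)
        pos = m.end()
    out.append(re.escape(fmt[pos:]))                 # trailing literal text
    return "".join(out)


def _path_and_query(url: str) -> str:
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def compile_c2_patterns(urls):
    """Anchored regexes over path+query; the host is ignored on purpose."""
    return [re.compile("^" + fmt_to_regex(_path_and_query(u)) + "$") for u in urls]


# Constructed proxy-log lines (not real traffic): ts client method url status.
LOG_LINES = [
    "2024-11-10T12:00:01Z 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200",
    "2024-11-10T12:00:02Z 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN-ABC:1:0:USER:000000123:5:12:00:02 200",
    "2024-11-10T12:00:03Z 10.0.0.6 GET http://example.com/index.html 200",
    "2024-11-10T12:00:04Z 10.0.0.5 GET http://203.0.113.7/piplog.php?bad 404",
    "2024-11-10T12:00:05Z 10.0.0.5 POST http://203.0.113.7/ppslog.php 200",
]


def scan_proxy_log(lines, patterns=None):
    """Return (client, host, path+query) for every line whose URL matches a
    Berbew C2 pattern. The 4th constructed line reaches piplog.php but with a
    query that does not fit the template, so it is deliberately not reported."""
    if patterns is None:
        patterns = compile_c2_patterns(BERBEW_C2_URLS)
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        target = _path_and_query(url)
        if any(p.match(target) for p in patterns):
            hits.append((fields[1], urlsplit(url).hostname, target))
    return hits


if __name__ == "__main__":
    for client, host, target in scan_proxy_log(LOG_LINES):
        print(f"{client} -> {host}{target}")
```

Matching is anchored on the full path and query, so a hit on `piplog.php` requires all nine `:`-separated fields in the shape the template dictates; that keeps the `%s` wildcards from turning the rule into a bare path match. If you deploy this against real logs, relax the `[^:\s]+` fragment only if you have confirmed what the backdoor actually puts in the string fields.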

Targets

    • Target

      aae32a4a4cb57bb8bd2bc083af707e04510d6bf1ff64696361b8e46a18f64363N

    • Size

      128KB

    • MD5

      bcc51d0fe456e99885e26baeceadbc30

    • SHA1

      3923083773012f06c6c24286f85838329f203743

    • SHA256

      aae32a4a4cb57bb8bd2bc083af707e04510d6bf1ff64696361b8e46a18f64363

    • SHA512

      c62fd78cadcf0a5a84672aacfed395d8ee9193b009a23f877183525ec8e30c00f3942ae38d6006e880bdc7026e11a6846784e783188f2980345daa1492544f04

    • SSDEEP

      3072:DebTyzBu+hC0WzTw/DN708uFafmHURHAVgnvedh6:DePcBuR0seDN708uF8YU8gnve7

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks