General

  • Target

    f7807b2b58dc1280987a102aec93c58c0905255ce4fd9bd801098cd354c9de8eN

  • Size

    320KB

  • Sample

    241110-w1wf4asere

  • MD5

    8664e5db86c92b4f5e6f58dd61887ed0

  • SHA1

    acf9ef0a7bada4c865ace4a97919475246ab0c6b

  • SHA256

    f7807b2b58dc1280987a102aec93c58c0905255ce4fd9bd801098cd354c9de8e

  • SHA512

    042591d6e3be0c431d402cdaf3bc9cb5fafaa8180ac9a36aa5c7f3c97e06dffe834ac10e8a850af9e553d3a817446d1a5b95d3e7f8984f34ded1b4d02a68a9ae

  • SSDEEP

    6144:f5LdMJHnrc62pdS3/fc/UmKyIxLDXXoq9FJZCUmKyIxLq:HMtrc62pp32XXf9Do3R

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f7807b2b58dc1280987a102aec93c58c0905255ce4fd9bd801098cd354c9de8eN

    • Size

      320KB

    • MD5

      8664e5db86c92b4f5e6f58dd61887ed0

    • SHA1

      acf9ef0a7bada4c865ace4a97919475246ab0c6b

    • SHA256

      f7807b2b58dc1280987a102aec93c58c0905255ce4fd9bd801098cd354c9de8e

    • SHA512

      042591d6e3be0c431d402cdaf3bc9cb5fafaa8180ac9a36aa5c7f3c97e06dffe834ac10e8a850af9e553d3a817446d1a5b95d3e7f8984f34ded1b4d02a68a9ae

    • SSDEEP

      6144:f5LdMJHnrc62pdS3/fc/UmKyIxLDXXoq9FJZCUmKyIxLq:HMtrc62pp32XXf9Do3R

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks