General

  • Target

    ba67f14d796259aed17a40589b75695bfbe34a19d5feaf126b6f9a2667817e50N

  • Size

    104KB

  • Sample

    241110-w6klsa1rdz

  • MD5

    d8d677cce6f412fdf7b8a2468c094f70

  • SHA1

    0dea4ae3237dd83a1b371355c87adb4236ebaa11

  • SHA256

    ba67f14d796259aed17a40589b75695bfbe34a19d5feaf126b6f9a2667817e50

  • SHA512

    f3ac8c367f11de29ebfef68d530c88054eeef94d6c2e8cf759e59c09e0a4a43e4a301baf7f433d7568026a502c61361f1e456de4b1a7acf6bc91d9acba1d2b67

  • SSDEEP

    1536:Iizwn5hHpjtSfcmUhV2iSpOAexRCDccccccccccccccccccccccccccccccccrc/:IGw5hH4UhVMgAexynch3kremwc/gHq/e

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks