General

  • Target

    dcf976f0b89f51a5dac9c7c5489d2271426b7dd7e16a92e0860915e3410d6efcN

  • Size

    128KB

  • Sample

    241110-wwdqgs1phy

  • MD5

    b6d7047f2d1fb01d3ec9354cdd22c4a0

  • SHA1

    9c060122839feb781f38b8c2f46f70ad934ab2ee

  • SHA256

    dcf976f0b89f51a5dac9c7c5489d2271426b7dd7e16a92e0860915e3410d6efc

  • SHA512

    3f3b890d9a3a1e37bd88702f6d3d7590b31ca7dc86fc8aae56db257b6dee70085b5ed253847dfa1e5954a35c823c733ce5305e08cca5a18eae55fd761a128ffe

  • SSDEEP

    3072:NI3D3GCfainaQwYehOvbdjKUSoutkTy2o:S3jUtBYehOvbdjrSoSkTlo

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks