General

  • Target

    3f745bdb4fefd1d7d6025f0ef83e4299e627d7f56d6d2e45c1ac94c50f9e4b72N

  • Size

    128KB

  • Sample

    241110-wxrzhasbpn

  • MD5

    9ae43e20239c4edb90ef6606b8d17260

  • SHA1

    28d3f45c90b7de05b1978b48773ff495e8627e4d

  • SHA256

    3f745bdb4fefd1d7d6025f0ef83e4299e627d7f56d6d2e45c1ac94c50f9e4b72

  • SHA512

    e103c726cbce4a513a97fea44ac78335db2590e70bd4bd27db6fd1ca884235f26b13850d4086b14bdfb7e816214b5c3a7a03e5eda63917c6984a6bf572df2a61

  • SSDEEP

    3072:/OsdipcKmX9nb2Ba1VLrDMZGThfSFDd1AZoUBW3FJeRuaWNXmgu+tB:jiLK64oZGThKFdWZHEFJ7aWN1B

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3f745bdb4fefd1d7d6025f0ef83e4299e627d7f56d6d2e45c1ac94c50f9e4b72N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks