General

  • Target

    6449cb36aeebceec483deab1d9c24246a4927eec7d8cb4dc0037cf84563f8a43N

  • Size

    448KB

  • Sample

    241110-xaxf5swjdp

  • MD5

    d870dafa1c27068b04907a1b3115a120

  • SHA1

    f47d53097d6112009b243dec46204afb356a818c

  • SHA256

    6449cb36aeebceec483deab1d9c24246a4927eec7d8cb4dc0037cf84563f8a43

  • SHA512

    3e893702035cda21e578457f649fd0fcd62cb731d6fddbca98d6c8dd19eb91e27161483ea988d9b03e967aa80d32a0ed03e0ac8b53e75265df95012da4a729fe

  • SSDEEP

    6144:N0GtDoihsCe6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTQMJSZO5f7wj7vKp:N0GtEihikY660fIaDZkY660f8jTK/h

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
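
The three C2 URLs above are printf-style templates (the `%s`, `%i`, `%09u` and `%02d` conversions are filled in by the implant at run time), so a literal string match on them will never fire. The following added example, not part of the sandbox report or of any Berbew tooling, turns each template into an anchored regex over path and query and runs it across a few constructed proxy log lines. It assumes the host `f` is a placeholder rather than the real C2 host (so it deliberately ignores the host), that beacon fields are `:`-delimited so `%s` cannot contain a colon, and that the log has the URL in its third whitespace-separated column; the log lines and the 203.0.113.7 address are made up for the demonstration.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates copied verbatim from the report's "Malware Config" section.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversions that occur in the extracted templates: %s, %i, %u, %d,
# optionally with a zero-padded minimum width such as %09u or %02d.
_CONV_RE = re.compile(r"%(\d*)([siud])")


def _path_and_query(url: str) -> str:
    """Drop scheme and host; the host 'f' in the config is assumed to be a placeholder."""
    p = urlsplit(url)
    return p.path + ("?" + p.query if p.query else "")


def template_to_regex(template: str) -> re.Pattern:
    """Convert a printf-style URL template into an anchored regex over path+query.

    %s                     -> any run of characters that is neither ':' nor whitespace
    %i/%d/%u with width w  -> an optionally signed run of at least w digits
    %i/%d/%u without width -> an optionally signed digit run
    """
    target = _path_and_query(template)
    out, pos = [], 0
    for m in _CONV_RE.finditer(target):
        out.append(re.escape(target[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        if conv == "s":
            out.append(r"[^:\s]*")
        elif width:
            out.append(r"-?\d{%d,}" % int(width))
        else:
            out.append(r"-?\d+")
        pos = m.end()
    out.append(re.escape(target[pos:]))
    return re.compile("".join(out))


C2_PATTERNS = [template_to_regex(t) for t in C2_TEMPLATES]


def is_berbew_beacon(url: str) -> bool:
    """True if the request's path+query has exactly the shape of one of the C2 templates."""
    target = _path_and_query(url)
    return any(p.fullmatch(target) for p in C2_PATTERNS)


def scan_proxy_log(lines):
    """Return (line number, url) for each request whose URL matches a C2 template.

    Assumes a whitespace-separated proxy log with the full URL in the third column
    (a constructed layout, not tied to any particular proxy product).
    """
    hits = []
    for n, line in enumerate(lines, 1):
        cols = line.split()
        if len(cols) >= 3 and is_berbew_beacon(cols[2]):
            hits.append((n, cols[2]))
    return hits


# Constructed log lines for the demonstration; the server is in documentation address space.
SAMPLE_LOG = """\
1731254400.101 10.0.0.5 http://www.example.com/index.html GET 200
1731254400.233 10.0.0.5 http://203.0.113.7/wcmd.htm GET 200
1731254401.004 10.0.0.5 http://203.0.113.7/piplog.php?WKS01:1:0:jsmith:000123456:4:12:34:56 GET 200
1731254401.450 10.0.0.9 http://203.0.113.7/piplog.php?WKS02:1 GET 404
1731254402.017 10.0.0.5 http://203.0.113.7/ppslog.php POST 200
""".splitlines()

if __name__ == "__main__":
    for n, url in scan_proxy_log(SAMPLE_LOG):
        print(f"line {n}: {url}")
```

Lines 2, 3 and 5 of the sample are reported; line 4 is not, because the `piplog.php` template requires nine colon-separated fields and a `%09u` field of at least nine digits. Because the host is ignored, `/wcmd.htm` and `/ppslog.php` alone are broad hunt queries that can collide with unrelated sites; treat a hit on the nine-field `piplog.php` shape as the strong signal and the other two as pivots to confirm against the same destination.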

Targets

    • Target

      6449cb36aeebceec483deab1d9c24246a4927eec7d8cb4dc0037cf84563f8a43N

    • Size

      448KB

    • MD5

      d870dafa1c27068b04907a1b3115a120

    • SHA1

      f47d53097d6112009b243dec46204afb356a818c

    • SHA256

      6449cb36aeebceec483deab1d9c24246a4927eec7d8cb4dc0037cf84563f8a43

    • SHA512

      3e893702035cda21e578457f649fd0fcd62cb731d6fddbca98d6c8dd19eb91e27161483ea988d9b03e967aa80d32a0ed03e0ac8b53e75265df95012da4a729fe

    • SSDEEP

      6144:N0GtDoihsCe6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTQMJSZO5f7wj7vKp:N0GtEihikY660fIaDZkY660f8jTK/h

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
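
The signatures above describe a chain: a file dropped into System32, a DLL loaded from it, and an autorun key that makes Explorer.exe load something at startup. The registry location the report's signature refers to is not named on the page; the added example below (not part of the report or of any Berbew tooling) assumes it is `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad`, whose values are CLSIDs that explorer.exe instantiates at logon. It parses a `.reg` export, lists every ShellServiceObjectDelayLoad entry that is not the Windows-supplied WebCheck object, and resolves each CLSID's InprocServer32 path so the dropped DLL can be tied back to the key. The export text, the CLSID `{00000000-1111-2222-3333-444444444444}` and the file `example_drop.dll` are constructed for the demonstration; `live_ssodl_entries` reads the real key on a Windows host and returns an empty dict elsewhere.

```python
import re

SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
# Shell service object that ships with Windows itself (WebCheck); anything else deserves a look.
KNOWN_SSODL = {"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VAL_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))="(?P<data>.*)"$')


def parse_reg_export(text: str) -> dict:
    """Parse the subset of .reg syntax needed here: [key] headers and REG_SZ values.

    Keys are upper-cased for case-insensitive lookup; the default value is stored under "".
    """
    reg, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1).upper()
            reg.setdefault(key, {})
            continue
        m = _VAL_RE.match(line)
        if m and key is not None:
            name = "" if m.group("default") else m.group("name")
            # .reg exports double every backslash inside string data
            reg[key][name] = m.group("data").replace("\\\\", "\\")
    return reg


def suspicious_ssodl_entries(reg: dict) -> list:
    """Return (value name, CLSID, DLL path) for ShellServiceObjectDelayLoad entries not in KNOWN_SSODL."""
    findings = []
    for name, clsid in reg.get(SSODL_KEY.upper(), {}).items():
        if clsid.upper() in KNOWN_SSODL:
            continue
        inproc_key = (r"HKEY_CLASSES_ROOT\CLSID\%s\InprocServer32" % clsid).upper()
        dll = reg.get(inproc_key, {}).get("", "<no InprocServer32 in export>")
        findings.append((name, clsid, dll))
    return findings


def live_ssodl_entries() -> dict:
    """On Windows, read the same key through winreg; on other platforms return {}."""
    try:
        import winreg
    except ImportError:
        return {}
    subkey = SSODL_KEY.split("\\", 1)[1]
    out = {}
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as k:
            i = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(k, i)
                except OSError:  # no more values
                    break
                out[name] = data
                i += 1
    except OSError:  # key absent or not readable
        return {}
    return out


# Constructed .reg export: one legitimate entry and one pointing at a DLL in System32.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"Example Logger"="{00000000-1111-2222-3333-444444444444}"

[HKEY_CLASSES_ROOT\CLSID\{00000000-1111-2222-3333-444444444444}\InprocServer32]
@="C:\\Windows\\System32\\example_drop.dll"
"ThreadingModel"="Apartment"
"""

if __name__ == "__main__":
    for name, clsid, dll in suspicious_ssodl_entries(parse_reg_export(SAMPLE_REG)):
        print(f"{name}: {clsid} -> {dll}")
```

On the constructed export this reports `Example Logger` with its CLSID and `C:\Windows\System32\example_drop.dll`; the next step on a real host is to hash that DLL and compare it against the SHA256 and SSDEEP values in the report's Targets section. The allowlist is deliberately tiny so that any non-WebCheck entry surfaces; an enterprise build may legitimately register other shell service objects, so confirm each finding against the DLL's signer and path before acting on it.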

MITRE ATT&CK Enterprise v15

Tasks