General

  • Target

    e6ef30dbb65ffd7c905bba83f4e5a2948772710e106de8ad080a5cf8ba2f8f38N

  • Size

    144KB

  • Sample

    241111-m7nv6aydlr

  • MD5

    af2be9f17422fbe05f5283917d1b0960

  • SHA1

    275b3e85134e3bbeb849c854265362e9a2ee424e

  • SHA256

    e6ef30dbb65ffd7c905bba83f4e5a2948772710e106de8ad080a5cf8ba2f8f38

  • SHA512

    4787efda7d4a60a659236eb1e64156703706c5f08af8db6ad0ef014d5ed4f8df024843516a05dc5b37ed5bee7d869adb25dc37f7597407312868f4cb404426fe

  • SSDEEP

    3072:i8QZ++Htd44muyU5gagHq/Wp+YmKfxgQdxvq:F8tdL1gaUmKyIxi

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks