General

  • Target

    e60f703c2a1afec55fa83098a051b4f05ba17165bd7808d1b37eb0ac1a0ef0e6N

  • Size

    128KB

  • Sample

    241111-msfaga1qgl

  • MD5

    ae66f629bf58b6fe6fd2d64c40109410

  • SHA1

    967670a1cda386b6417f7e69b1a0f04b36b93075

  • SHA256

    e60f703c2a1afec55fa83098a051b4f05ba17165bd7808d1b37eb0ac1a0ef0e6

  • SHA512

    d3f855ff844293658a3c6ccb537b39a2deb9d466386675189b20c778e543151103768a64e58954880c88275ae8e9c3767ef6b2b6e366f0799279fc628ebb6121

  • SSDEEP

    1536:K2L6KJ+CRLPTfmuynFIu8mstun0gzkBtFQoXa+dJnEBctOPpB:K2WKVhynFumkufzk3FQo7fnEBctcp
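The hash set above is what you would match a suspect file against. The following is an added example, not part of the report or of any sandbox tooling: it computes all four digests in one pass and compares them with the listed IoCs, treating a partial agreement (for instance MD5 equal but SHA-256 different) as a reason to distrust the weaker hash rather than as a confirmation. The `b"abc"` sample and the file path handling are constructed for illustration; SSDEEP is not covered here because fuzzy comparison needs the separate ssdeep library.

```python
import hashlib
import io
import sys

# IoCs transcribed from the report above.
REPORT_IOCS = {
    "md5": "ae66f629bf58b6fe6fd2d64c40109410",
    "sha1": "967670a1cda386b6417f7e69b1a0f04b36b93075",
    "sha256": "e60f703c2a1afec55fa83098a051b4f05ba17165bd7808d1b37eb0ac1a0ef0e6",
    "sha512": "d3f855ff844293658a3c6ccb537b39a2deb9d466386675189b20c778e543151103768a64e58954880c88275ae8e9c3767ef6b2b6e366f0799279fc628ebb6121",
}


def multi_digest(stream, chunk_size=1 << 20):
    """Read a binary stream once and return all four hex digests, keyed like REPORT_IOCS."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used for the constructed sample below)."""
    return multi_digest(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return multi_digest(f)


def compare_iocs(digests, iocs=REPORT_IOCS):
    """Split the IoC set into algorithms that agree and disagree with the computed digests."""
    agree = {name for name, value in iocs.items() if digests.get(name) == value.lower()}
    disagree = {name for name in iocs if name in digests and name not in agree}
    return agree, disagree


def verdict(digests, iocs=REPORT_IOCS):
    """'match' only when every listed hash agrees.

    A partial agreement means either a transcription error in the IoC list or a
    collision against the weaker hash (MD5 and SHA-1 are both collision-broken);
    either way SHA-256/SHA-512 decide, never MD5 alone.
    """
    agree, disagree = compare_iocs(digests, iocs)
    if agree and not disagree:
        return "match"
    if agree and disagree:
        return "partial"
    return "no match"


if __name__ == "__main__":
    # Constructed input: the three-byte string "abc", not the sample itself.
    target = digest_file(sys.argv[1]) if len(sys.argv) > 1 else digest_bytes(b"abc")
    agree, disagree = compare_iocs(target)
    print(verdict(target), "agree:", sorted(agree), "disagree:", sorted(disagree))
```

Run it with the path of the file under investigation as the first argument; with no argument it hashes the constructed `b"abc"` input and reports "no match".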

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
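The third C2 string is a printf-style format: the sample fills the nine fields in at runtime, so a proxy or web-log detection has to match the shape of the query rather than a literal URL. The example below is added here and is not from the report or from any vendor tooling: it translates each extracted format string into a regular expression (one capture group per conversion) and runs the result over log lines. Assumptions made here and not stated in the report: the extracted host "f" looks like a placeholder, so only the path and query are matched; a `%s` field contains no ':' (the beacon's separator) and no whitespace; and a zero-padded width such as `%09u` means at least that many digits. The squid-style log lines are constructed for the demonstration.

```python
import re

# C2 URL strings exactly as extracted from the sample's configuration in the report above.
# The host is deliberately left out of the patterns (assumption: "f" is a placeholder).
C2_URL_FORMATS = (
    "wcmd.htm",
    "ppslog.php",
    "piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
)

# printf conversion: optional flags, optional width, optional precision, conversion char.
_SPEC = re.compile(r"%(?P<flags>[-+ 0#]*)(?P<width>\d*)(?:\.\d+)?(?P<conv>[sdiuxX])")


def printf_to_regex(fmt):
    """Turn a printf-style format into a regex with one capture group per conversion.

    Assumptions (not from the report): %s has no ':' or whitespace; a '0' flag with a
    width renders as at least that many digits (%09u -> \\d{9,}, %02d -> -?\\d{2,}).
    """
    parts, pos = [], 0
    for m in _SPEC.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))
        conv, flags, width = m.group("conv"), m.group("flags"), m.group("width")
        if conv == "s":
            parts.append(r"([^:\s&]*)")
        else:
            digit = r"\d" if conv in "diu" else r"[0-9a-fA-F]"
            count = "{%s,}" % width if width and "0" in flags else "+"
            sign = "-?" if conv in "di" else ""
            parts.append("(%s%s%s)" % (sign, digit, count))
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return "".join(parts)


# Compile once. The path must follow a '/' and end at whitespace, a quote or end of line,
# so "wcmd.htm" does not fire on e.g. "wcmd.html".
C2_PATTERNS = {
    fmt.split("?")[0]: re.compile("/" + printf_to_regex(fmt) + r'(?=[\s"]|$)')
    for fmt in C2_URL_FORMATS
}


def match_c2_url(text):
    """Return (path, captured fields) if text contains a URL shaped like a C2 request, else None."""
    for path, rx in C2_PATTERNS.items():
        m = rx.search(text)
        if m:
            return path, m.groups()
    return None


def scan_proxy_log(lines):
    """Run the patterns over proxy log lines; one dict per hit."""
    hits = []
    for line in lines:
        found = match_c2_url(line)
        if found:
            path, fields = found
            hits.append({"line": line, "path": path, "fields": fields})
    return hits


# Constructed squid-style log lines for demonstration; not from the report or a real capture.
SAMPLE_LOG = [
    "1731312000.123 45 10.0.0.23 TCP_MISS/200 512 GET "
    "http://203.0.113.5/piplog.php?WS-0423:1:0:Administrator:000123456:2:08:15:42 "
    "- HIER_DIRECT/203.0.113.5 text/html",
    "1731312001.456 30 10.0.0.23 TCP_MISS/200 210 GET "
    "http://203.0.113.5/wcmd.htm - HIER_DIRECT/203.0.113.5 text/html",
    "1731312002.789 80 10.0.0.41 TCP_MISS/200 9931 GET "
    "http://example.com/index.php?id=42 - HIER_DIRECT/93.184.216.34 text/html",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit["path"], hit["fields"])
```

The bare `wcmd.htm` and `ppslog.php` paths are common enough names that a hit on them alone is low confidence; the nine-field `piplog.php` query, with its nine-digit zero-padded counter and three two-digit fields, is the one to alert on, and the captured fields give the host the beacon came from something to pivot on.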

Targets

    • Target

      e60f703c2a1afec55fa83098a051b4f05ba17165bd7808d1b37eb0ac1a0ef0e6N

    • Size

      128KB

    • MD5

      ae66f629bf58b6fe6fd2d64c40109410

    • SHA1

      967670a1cda386b6417f7e69b1a0f04b36b93075

    • SHA256

      e60f703c2a1afec55fa83098a051b4f05ba17165bd7808d1b37eb0ac1a0ef0e6

    • SHA512

      d3f855ff844293658a3c6ccb537b39a2deb9d466386675189b20c778e543151103768a64e58954880c88275ae8e9c3767ef6b2b6e366f0799279fc628ebb6121

    • SSDEEP

      1536:K2L6KJ+CRLPTfmuynFIu8mstun0gzkBtFQoXa+dJnEBctOPpB:K2WKVhynFumkufzk3FQo7fnEBctcp

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks