General

  • Target

    5074e0c884214b47f06b7acd1a4e47b2737e0bf70d043ba53b63da2352ff3e4eN

  • Size

    128KB

  • Sample

    241111-p7nlhasqej

  • MD5

    ffa3a6b19fd269a2a24eccdafef74680

  • SHA1

    27c732eb0c31016b365984326f527bc43c63bc9e

  • SHA256

    5074e0c884214b47f06b7acd1a4e47b2737e0bf70d043ba53b63da2352ff3e4e

  • SHA512

    aabf4a1d84c77252c98a74d55cab0ed191cec2a2236f247c7642fd18ae5940e7c9a721c0dbf9bbd08763982ff5012ee5a5ec0346d2a705931492f53efad1a6bc

  • SSDEEP

    3072:1d85gQ+KnhsKRr2OAaz/Dd1AZoUBW3FJeRuaWNXmgu+tB:1d8aQ+WhsazrdWZHEFJ7aWN1B

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15