General

  • Target

    5ef6258f1587e1730d40c56a3a9a0e6566f201be0f7f38694e3ca2c5c1e322e9N

  • Size

    109KB

  • Sample

    241112-n4c5xsscll

  • MD5

    de1ceb05e74b461d9781a25e05a562e0

  • SHA1

    647f4f422a074dd170cccb1c1e6d4c51290155cd

  • SHA256

    5ef6258f1587e1730d40c56a3a9a0e6566f201be0f7f38694e3ca2c5c1e322e9

  • SHA512

    3bd74f8a0ca76261a62f892a2b3a206f94970da4bd5ab33947f7b823cad336452dddbc9496d77c34f5b40a0dc7a104b0549a74ad23df8427264e03a9c449ab83

  • SSDEEP

    3072:3YNanKRU2aYp6kBbJZMdE0dJ9XLCqwzBu1DjHLMVDqqkSpR:3znmNfp6AJZcE0dJ9rwtu1DjrFqhz

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
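
The third C2 entry above is a printf-style template, not a literal URL: the sample fills the %s/%i/%09u/%02d fields at runtime before beaconing. An analyst can turn that template into a proxy-log detection. The script below is an added example, not part of this report or of the sandbox that produced it. It assumes the host "f" in the extracted config is a placeholder and therefore matches on path and query only, assumes the %s fields never contain ':' (the separator), and runs over constructed proxy log lines, not traffic from this sample.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates as extracted from the sample's configuration (this report's
# "Malware Config" section). The extractor reports the host as "f"; this
# example treats that as a placeholder and matches on path + query only, so
# the real C2 host is NOT an input here (assumption).
BERBEW_C2_TEMPLATES = (
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
)

# printf-style conversion specification: flags, minimum width, optional
# precision, conversion character (only the conversions seen in the templates).
_PRINTF_SPEC = re.compile(r"%(?P<flags>[-+ #0]*)(?P<width>\d*)(?:\.\d+)?(?P<conv>[sdiu])")


def _path_and_query(url: str) -> str:
    """Return '/path?query' (or just '/path' when there is no query) for a URL."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def template_to_regex(template: str) -> re.Pattern:
    """Compile a printf-style C2 URL template into an anchored regex over path+query.

    %s becomes a run of characters up to the next ':' separator (assumption: the
    string fields never contain ':'), %i/%d become signed integers, %u an unsigned
    one; a zero-padded width such as %09u becomes a minimum digit count.
    """
    text = _path_and_query(template)
    pieces = []
    pos = 0
    for spec in _PRINTF_SPEC.finditer(text):
        pieces.append(re.escape(text[pos:spec.start()]))  # literal text between fields
        conv, width, flags = spec.group("conv"), spec.group("width"), spec.group("flags")
        if conv == "s":
            pieces.append(r"[^:&\s]*")
        else:
            min_digits = width if (width and "0" in flags) else "1"
            sign = "" if conv == "u" else "-?"
            pieces.append(rf"{sign}\d{{{min_digits},}}")
        pos = spec.end()
    pieces.append(re.escape(text[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


# Constructed proxy log lines (not from this report):
# "<time> <client> <method> <url> <status>". Line 2 is shaped like a filled-in
# piplog.php beacon; line 4 hits the same path with the wrong field layout.
SAMPLE_PROXY_LOG = [
    "2024-11-12T10:01:02Z 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200",
    "2024-11-12T10:01:03Z 10.0.0.5 GET http://203.0.113.7/piplog.php?PC-01:1:0:victim:000012345:2:12:34:56 200",
    "2024-11-12T10:01:04Z 10.0.0.9 GET http://example.com/index.php?id=1 200",
    "2024-11-12T10:01:05Z 10.0.0.5 GET http://203.0.113.7/piplog.php?unrelated 404",
    "2024-11-12T10:01:06Z 10.0.0.5 POST http://203.0.113.7/ppslog.php 200",
]


def find_berbew_beacons(log_lines):
    """Return (line_no, url, template) for every line whose URL matches a C2 template."""
    rules = [(t, template_to_regex(t)) for t in BERBEW_C2_TEMPLATES]
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        fields = line.split()
        if len(fields) < 4 or not fields[3].startswith("http"):
            continue  # malformed line: skip it rather than abort the sweep
        target = _path_and_query(fields[3])
        for template, rx in rules:
            if rx.match(target):
                hits.append((line_no, fields[3], template))
                break
    return hits


if __name__ == "__main__":
    for line_no, url, template in find_berbew_beacons(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: {url}  <- {template}")
```

The two query-less templates (wcmd.htm, ppslog.php) are matched on exact path; if live traffic shows the sample appending parameters or posting a body to those paths, relax those two rules to a path prefix rather than loosening the piplog.php field pattern, which is what carries the signal.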

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
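
The four behavioural signatures above (Explorer-loaded autorun key, dropped EXE executed, dropped DLL loaded, file dropped in System32) can be expressed as a small stateful correlation over endpoint telemetry. The script below is an added example, not the sandbox's signature logic and not code from this report. It runs over constructed Sysmon-style events (IDs 11 FileCreate, 13 RegistryEvent, 1 ProcessCreate, 7 ImageLoad) held as dicts; the report does not say which registry key Berbew writes, so the list of Explorer-processed autostart locations is an assumption covering the usual ones, and "dropped" is taken to mean created by a process running outside C:\Windows.

```python
# Registry locations whose values explorer.exe consumes at logon. The report
# only says "adds autorun key to be loaded by Explorer.exe"; which key this
# sample writes is not stated, so this list is an assumption covering the
# usual Explorer-processed autostart points. Paths are lower-case with '/'
# separators because norm() rewrites everything that way before comparing.
EXPLORER_AUTORUN_KEYS = (
    "/microsoft/windows/currentversion/run/",
    "/microsoft/windows/currentversion/runonce/",
    "/microsoft/windows/currentversion/explorer/shellexecutehooks/",
    "/microsoft/windows/currentversion/shellserviceobjectdelayload/",
    "/microsoft/windows/currentversion/explorer/sharedtaskscheduler/",
    "/microsoft/windows nt/currentversion/winlogon/shell",
)


def norm(path: str) -> str:
    """Lower-case and use '/' so comparisons ignore case and backslash style."""
    return path.lower().replace("\\", "/")


def is_explorer_autorun(target_object: str) -> bool:
    """True when a registry write lands under one of the Explorer autostart keys."""
    target = norm(target_object)
    return any(key in target for key in EXPLORER_AUTORUN_KEYS)


def detect_berbew_host_behaviour(events):
    """Return (signature, event_index) pairs mirroring the report's host signatures.

    State carried across events: the set of files created by non-OS processes
    ("dropped" files). Later process creations and image loads are matched
    against that set, which is what turns a plain file-write into
    "executes dropped EXE" / "loads dropped DLL".
    """
    dropped = set()
    alerts = []
    for index, ev in enumerate(events):
        eid = ev["EventID"]
        image = norm(ev.get("Image", ""))
        if eid == 11:  # FileCreate
            target = norm(ev["TargetFilename"])
            if image.startswith("c:/windows/"):
                continue  # heuristic: OS components writing their own files are not "drops"
            dropped.add(target)
            if target.startswith("c:/windows/system32/"):
                alerts.append(("drops_file_in_system32", index))
        elif eid == 13:  # RegistryEvent (value set)
            if is_explorer_autorun(ev["TargetObject"]):
                alerts.append(("explorer_autorun_key", index))
        elif eid == 1:  # ProcessCreate
            if image in dropped:
                alerts.append(("executes_dropped_exe", index))
        elif eid == 7:  # ImageLoad
            if norm(ev["ImageLoaded"]) in dropped:
                alerts.append(("loads_dropped_dll", index))
    return alerts


# Constructed events (not from this report). File and key names are made up;
# the last two events are benign noise that the rules must not flag.
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\qaxkfe.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\pwbvde.dll"},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}",
     "Details": r"C:\Windows\System32\pwbvde.dll"},
    {"EventID": 1, "Image": r"C:\Windows\System32\qaxkfe.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe"},
    {"EventID": 7, "Image": r"C:\Windows\explorer.exe",
     "ImageLoaded": r"C:\Windows\System32\pwbvde.dll"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\config\systemprofile\AppData\Local\cache.tmp"},
    {"EventID": 7, "Image": r"C:\Windows\System32\qaxkfe.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]


if __name__ == "__main__":
    for signature, index in detect_berbew_host_behaviour(SAMPLE_EVENTS):
        print(f"event {index}: {signature}")
```

Feeding this real Sysmon data means mapping the EventData fields of IDs 1, 7, 11 and 13 onto the dict keys used here; the ordering assumption (file create seen before execute/load) holds for a time-sorted stream, and the "outside C:\Windows" heuristic for the dropper is the rule most worth tuning to your estate.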

MITRE ATT&CK Enterprise v15

Tasks