General

  • Target

    6151fd4df15b3e5814278c60780e1e077cd123bb98606f95e9c48dc37c39ed19N

  • Size

    96KB

  • Sample

    241112-nxkw7asbrf

  • MD5

    e12c848ff4a7e1ad60a0683169f970a0

  • SHA1

    2fa00afa1de9353e395cc6bee704b229e4c015de

  • SHA256

    6151fd4df15b3e5814278c60780e1e077cd123bb98606f95e9c48dc37c39ed19

  • SHA512

    c13abf7d3106e8a48c45a6c2eef0966350843230ba8c089543f8fb081852115969a98d5ce36576b55c9232de3377f49c52a5d0e6d01ee0900d71626d480a7c30

  • SSDEEP

    1536:2ER9nZ0a1k29n1rNBFvHUU9OSPjdCy+GRXXXXXXXXXXXXXXsXXXXXXxHXXXXXXyJ:bnSghnFPUU9FBCyL/VskkVwtCU

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
