General

  • Target

    8f4be9c6cec5f83b76fad1a2e432e0cc678d2a5965b7c875243b26b3fe0e9180N

  • Size

    1.3MB

  • Sample

    241112-p1afasshnf

  • MD5

    bcfd8d6829dfb592bb77916c86b4e5b0

  • SHA1

    9fe955daf388a29813845adfc8649ab4d5fbde06

  • SHA256

    8f4be9c6cec5f83b76fad1a2e432e0cc678d2a5965b7c875243b26b3fe0e9180

  • SHA512

    9ac17d864233526f79edaf1d7cbb75df205aa2520438557dbceffef78e458083cd2e0b8b9d717f3c6a69cbb9bc4c55e3c985333a9dbd25259b38ac63be53b5d9

  • SSDEEP

    6144:/K1rHq+iE5ZC2npb+oB+Zz2HG8t0DoEWufVuvw0HBHY8rQ+6bPD3wPSk8ymL2MTb:/KhqLAbaz22cWfVaw0HBHY8r8ABjMn

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8f4be9c6cec5f83b76fad1a2e432e0cc678d2a5965b7c875243b26b3fe0e9180N

    • Size

      1.3MB

    • MD5

      bcfd8d6829dfb592bb77916c86b4e5b0

    • SHA1

      9fe955daf388a29813845adfc8649ab4d5fbde06

    • SHA256

      8f4be9c6cec5f83b76fad1a2e432e0cc678d2a5965b7c875243b26b3fe0e9180

    • SHA512

      9ac17d864233526f79edaf1d7cbb75df205aa2520438557dbceffef78e458083cd2e0b8b9d717f3c6a69cbb9bc4c55e3c985333a9dbd25259b38ac63be53b5d9

    • SSDEEP

      6144:/K1rHq+iE5ZC2npb+oB+Zz2HG8t0DoEWufVuvw0HBHY8rQ+6bPD3wPSk8ymL2MTb:/KhqLAbaz22cWfVaw0HBHY8r8ABjMn

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks