General

  • Target

    b8a9d899d443d7d9a9f3b0718de6027865677549e2709f34bdb780f20c0b1044

  • Size

    96KB

  • Sample

    241112-pfbsmaseqb

  • MD5

    70b76c3081bb982c696f996b2f214630

  • SHA1

    8726866aa94477c8c02aeebb5fff39ac464af08a

  • SHA256

    b8a9d899d443d7d9a9f3b0718de6027865677549e2709f34bdb780f20c0b1044

  • SHA512

    b46eb6dda1b08c063053d0e89e6923d1ed733aec2feb2b3a5c87e96c72465382ec9c21a0259fa9dbadde66a63476c1a420b3c1268e956b7631cd430ff7a46018

  • SSDEEP

    1536:65XoSADZcgJyhV8AjwHnksN/gu0JFIDakS2xt+VFFfUN1Avhw6JCMd:AoSAlfJynkHks5gueL32xt+VFFfUrQlZ

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b8a9d899d443d7d9a9f3b0718de6027865677549e2709f34bdb780f20c0b1044

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks