General

  • Target: 06332cd0f351cde23cb9e30bc68e5079754ff5bc9b6e50652a04341f1ff7790cN
  • Size: 96KB
  • Sample: 241112-pjfkzssepn
  • MD5: 173ec9e213b6c44a2ee2dddd92aa0e80
  • SHA1: 816e0fc7e030bfeca0b38a9c71dfe1c3c15f1a2e
  • SHA256: 06332cd0f351cde23cb9e30bc68e5079754ff5bc9b6e50652a04341f1ff7790c
  • SHA512: ca9d0465d89893acf10f81ce59f6cb5dec049f40a6796deeaec14ab28919a5a2e15181b0dd84178d151a0ecfda25c75c663b30e18403385981e97b544c61f130
  • SSDEEP: 1536:QwDSXPlhXep8t+gwJm3df7DwJsRm3ZleaL0s8WOxFYgeqoduV9jojTIvjr:ZS/TPHf7DqzPOxuqod69jc0v

Malware Config

Extracted

Family: berbew

C2:

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 06332cd0f351cde23cb9e30bc68e5079754ff5bc9b6e50652a04341f1ff7790cN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks