General

  • Target

    ed6df4e51e021fc25258d1bf3abe5253e398abf9fef42a70a817ddd24cecaec9N

  • Size

    80KB

  • Sample

    241112-rgb6wsthrl

  • MD5

    cd3e6dc37e70b72e146a9b55795bfd90

  • SHA1

    3a62e051b6e8f43acdee2f731a37b78dd624b4ab

  • SHA256

    ed6df4e51e021fc25258d1bf3abe5253e398abf9fef42a70a817ddd24cecaec9

  • SHA512

    9097fe0b28b8763da970662dd53e2034f5893ca382c9f91a36f1c6e646cafbf303d16dc69dde65eb3fc5855c11fccf309c24f607540607758de4110aa880d6bf

  • SSDEEP

    1536:91pJ1UzK58FCU76+q1sB4x0TerBNtRebKLJVdm7YxfoFeJuqnhCN:/1CUU76+q1sBK11NXLk7YdoFeJLCN

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
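The three C2 entries above are printf-style URL templates rather than literal URLs: the beacon to piplog.php carries nine colon-separated fields that the sample fills in at runtime, and the host component is recorded as "f". The following Python is an added example, not code from this report or from the Berbew sample, that turns each extracted template into an anchored regex and runs it over a constructed proxy log. It assumes the host "f" is a placeholder (so any scheme and host are accepted and the match keys on the path and query shape) and that the query fields are ':'-delimited as the template shows; the meaning of the individual fields is not known from this report and is not guessed. The width in %09u and %02d is honoured as a minimum digit count, which is what printf zero-padding guarantees.

```python
import re

# C2 URL templates exactly as extracted from this sample's config (see Malware Config).
BERBEW_C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion specs present in the templates: optional width, then s/d/i/u.
_SPEC_RE = re.compile(r"%(\d*)([sdiu])")

# ASSUMPTION: the host "f" in the extracted config is treated as a placeholder, so the
# detector accepts any scheme/host and keys on the path and query shape instead.
_HOST_PLACEHOLDER = "http://f/"
_HOST_PATTERN = r"https?://[^/\s]+/"


def _spec_to_regex(width: str, conv: str) -> str:
    """Map one printf conversion to a regex fragment.

    %s    -> any run of characters up to the next ':' separator (assumption: the
             beacon fields are ':'-delimited, as the template shows)
    %i/%d -> optional sign plus digits; a zero-pad width sets the minimum digit count
    %u    -> digits only, same width rule (%09u therefore needs at least 9 digits)
    """
    min_digits = int(width) if width else 1
    if conv == "s":
        return r"[^:\s]*"
    if conv in ("d", "i"):
        return rf"-?\d{{{min_digits},}}"
    if conv == "u":
        return rf"\d{{{min_digits},}}"
    raise ValueError(f"unsupported conversion %{width}{conv}")


def template_to_regex(template: str):
    """Turn one extracted C2 URL template into a compiled, end-anchored regex."""
    parts, pos = [], 0
    for m in _SPEC_RE.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))  # literal text between specs
        parts.append(_spec_to_regex(m.group(1), m.group(2)))
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    pattern = "".join(parts)
    escaped_placeholder = re.escape(_HOST_PLACEHOLDER)
    if pattern.startswith(escaped_placeholder):
        pattern = _HOST_PATTERN + pattern[len(escaped_placeholder):]
    return re.compile(pattern + r"$")


DETECTORS = [(t, template_to_regex(t)) for t in BERBEW_C2_TEMPLATES]


def match_url(url: str):
    """Return the extracted template a URL matches, or None."""
    for template, rx in DETECTORS:
        if rx.match(url):
            return template
    return None


def scan_proxy_log(lines):
    """Scan 'timestamp client method url status' lines; return (line_no, url, template) hits."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        template = match_url(fields[3])
        if template:
            hits.append((n, fields[3], template))
    return hits


# Constructed sample proxy log (not real traffic); hosts are documentation addresses.
# Line 3 deliberately carries a 5-digit value where %09u requires at least 9 digits.
SAMPLE_LOG = [
    "2024-11-12T10:01:03Z 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200",
    "2024-11-12T10:01:04Z 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN7-PC:1:0:abc:000012345:2:11:12:13 200",
    "2024-11-12T10:01:05Z 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN7-PC:1:0:abc:12345:2:11:12:13 200",
    "2024-11-12T10:01:06Z 10.0.0.6 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    for n, url, template in scan_proxy_log(SAMPLE_LOG):
        print(f"line {n}: {url} matches {template}")
```

Because the host is not part of the match, the bare paths /wcmd.htm and /ppslog.php are weak indicators on their own and will hit unrelated sites; the nine-field piplog.php query shape is the distinctive part and should carry the weight in any alert, with the plain paths used to corroborate it from the same client.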

Targets

    • Target

      ed6df4e51e021fc25258d1bf3abe5253e398abf9fef42a70a817ddd24cecaec9N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks