General

  • Target

    4ac86bcc4cb6b828ddfb5ca0f476f0d75d00120f20767c3dfbc9e88a7cb4b367

  • Size

    74KB

  • Sample

    241113-1qv5ssyrbs

  • MD5

    ece79bea54874fa5d58de0936b7fba07

  • SHA1

    30c6435f6c9e3d3a4dda823b650c3c3f9c0e7099

  • SHA256

    4ac86bcc4cb6b828ddfb5ca0f476f0d75d00120f20767c3dfbc9e88a7cb4b367

  • SHA512

    66cff09dc3d9c8e11c29ce37260ec914fcecf40191bc981763a1d4b0cdcdd16d95a2bf523123dee82080bb896f95fa99827467e6e11a21e279821c30ed62d0ce

  • SSDEEP

    1536:YrpXZOyCkqzTXZD2CL3AmNatym3Ej4UvxU/KEHG4x6b1ulOlR:YrppOFTXZDB4ymU8UvxhKx6b9lR

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4ac86bcc4cb6b828ddfb5ca0f476f0d75d00120f20767c3dfbc9e88a7cb4b367

    • Size

      74KB

    • MD5

      ece79bea54874fa5d58de0936b7fba07

    • SHA1

      30c6435f6c9e3d3a4dda823b650c3c3f9c0e7099

    • SHA256

      4ac86bcc4cb6b828ddfb5ca0f476f0d75d00120f20767c3dfbc9e88a7cb4b367

    • SHA512

      66cff09dc3d9c8e11c29ce37260ec914fcecf40191bc981763a1d4b0cdcdd16d95a2bf523123dee82080bb896f95fa99827467e6e11a21e279821c30ed62d0ce

    • SSDEEP

      1536:YrpXZOyCkqzTXZD2CL3AmNatym3Ej4UvxU/KEHG4x6b1ulOlR:YrppOFTXZDB4ymU8UvxhKx6b9lR

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks