General

  • Target: c19d25b24063a2011708531d7a86f61ceee0321bf2c7dea0408c28ff0b462b2dN
  • Size: 96KB
  • Sample: 241113-jq7p6axgrd
  • MD5: 7997086b97ed88aaf8eb2219b7f84e50
  • SHA1: c2ab20b56964865aa990fe7dab24f879cbbb8ff4
  • SHA256: c19d25b24063a2011708531d7a86f61ceee0321bf2c7dea0408c28ff0b462b2d
  • SHA512: 194cce39a8a14574478ff8092e9efe579fcf52576c5f1289225504b975516c6771aafe3b57d6244e577793c239c55645e1cb53080d5a7b565fc3e97c2b87e3c4
  • SSDEEP: 1536:eMHzlc2G5BpXeL0NH2PWz7ZCvuQdhmY6hQWllWt8DURLMk2aAjWbjtKBvU:5xc2+puYZ2uz7NQvcNzURLMk2VwtCU

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: c19d25b24063a2011708531d7a86f61ceee0321bf2c7dea0408c28ff0b462b2dN
    • Size: 96KB
    • MD5: 7997086b97ed88aaf8eb2219b7f84e50
    • SHA1: c2ab20b56964865aa990fe7dab24f879cbbb8ff4
    • SHA256: c19d25b24063a2011708531d7a86f61ceee0321bf2c7dea0408c28ff0b462b2d
    • SHA512: 194cce39a8a14574478ff8092e9efe579fcf52576c5f1289225504b975516c6771aafe3b57d6244e577793c239c55645e1cb53080d5a7b565fc3e97c2b87e3c4
    • SSDEEP: 1536:eMHzlc2G5BpXeL0NH2PWz7ZCvuQdhmY6hQWllWt8DURLMk2aAjWbjtKBvU:5xc2+puYZ2uz7NQvcNzURLMk2VwtCU

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks