General

  • Target: 9dec37f210a68b34ce0ad9744b485228bd18140b771cee492bcffcb1ee64c3bbN
  • Size: 74KB
  • Sample: 241113-kpwf6sxrbw
  • MD5: 8a4ce18f79e1bb642232bb53ab338070
  • SHA1: 8d3b771e00b44877b85db264fe6c6057a4ca23a5
  • SHA256: 9dec37f210a68b34ce0ad9744b485228bd18140b771cee492bcffcb1ee64c3bb
  • SHA512: ef19227a42835aa56b124a36e01f323835116916eba748c0e8fdd1db590eab52fbee614c866d0e91ab7dc632f88506513de128ac70f9fbb936127a1704bf5438
  • SSDEEP: 1536:5xTpmpNnGL7X2sLMaG31K0QljSCHi4kMZSHSbtDJ/ebmDyH:6Nn47X2sLoUHHbZIqtNeQyH

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
