General

  • Target

    0175c28178e1e9ff29f3c02036bad25e8ec77abb5176347fde53d117258ec3d1

  • Size

    80KB

  • Sample

    241113-xt7q8axfme

  • MD5

    460090a9f147691a3f4a65c8f429cf84

  • SHA1

    45203f8749c37001bd79493f8f9bc098c164c651

  • SHA256

    0175c28178e1e9ff29f3c02036bad25e8ec77abb5176347fde53d117258ec3d1

  • SHA512

    b8b29006d1b5bf46148013bf6593e09b3b9ec8be13912ac3f5f93ee7d31722f1d48d20bd039d867ac86e73fc3255fcd61a1f76e3d539b6a1cd38f7042e225ca1

  • SSDEEP

    1536:cgdn12xGn1vvi4m7WrtqNvq6kor3IuZ/Xv/pFeJuqnhCN:ExG1Zm7WrSRkor3I+/XnpFeJLCN

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
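The three C2 paths above are the report's extracted strings, and the last one is a printf-style template (nine colon-separated conversions). The block below is an added example, not part of the sandbox report or of the Berbew sample itself: it turns that template into a regular expression and runs it over a few constructed proxy-log lines to flag beacon-shaped requests. The host `f` in the extracted URLs is kept as-is but ignored by the matcher (the real host is not on this page); the IP 203.0.113.7 in the sample lines is a documentation address, and the assumption that `%s` fields never contain a colon is mine and should be tuned against live traffic.

```python
import re
from typing import List, Optional, Tuple

# Paths exactly as extracted in the report; the host ("f") is not relied on.
BERBEW_PATHS = {
    "wcmd": "/wcmd.htm",
    "ppslog": "/ppslog.php",
    "piplog": "/piplog.php",
}

# Query template from the report: %s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
PIPLOG_TEMPLATE = "%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"

# How each printf conversion is assumed to render on the wire (assumption:
# %s fields contain no ':' or whitespace; widths are minimums, not maximums).
_FMT_TO_RE = {
    "%s": r"[^:&\s]*",
    "%i": r"-?\d+",
    "%09u": r"\d{9,}",
    "%02d": r"\d{2,}",
}


def template_to_regex(template: str) -> re.Pattern:
    """Translate a colon-separated printf template into an anchored regex.
    Unknown conversions raise KeyError rather than silently matching anything."""
    frags = [_FMT_TO_RE[part] for part in template.split(":")]
    return re.compile("^" + ":".join(frags) + "$")


PIPLOG_QUERY_RE = template_to_regex(PIPLOG_TEMPLATE)

# Pull host, path and query out of the first http(s) URL on a log line.
URL_RE = re.compile(r"https?://([^/\s]+)(/[^\s?]*)(?:\?(\S*))?")


def classify_request(line: str) -> Optional[str]:
    """Return a detection label if the line carries a Berbew-shaped request."""
    m = URL_RE.search(line)
    if not m:
        return None
    _host, path, query = m.group(1), m.group(2), m.group(3) or ""
    if path == BERBEW_PATHS["wcmd"]:
        return "berbew.wcmd"
    if path == BERBEW_PATHS["ppslog"]:
        return "berbew.ppslog"
    # piplog.php only counts when the query has the nine-field template shape,
    # which keeps unrelated /piplog.php hits from firing.
    if path == BERBEW_PATHS["piplog"] and PIPLOG_QUERY_RE.match(query):
        return "berbew.piplog"
    return None


def find_beacons(lines) -> List[Tuple[str, str]]:
    """Scan an iterable of log lines; return (label, line) for each hit."""
    return [(label, line) for line in lines if (label := classify_request(line))]


# Constructed proxy-log lines for demonstration (not real traffic).
CONSTRUCTED_LOG = [
    "2024-11-13T10:02:11Z 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200",
    "2024-11-13T10:02:12Z 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN-ABC:1:2:user:000123456:5:09:13:42 200",
    "2024-11-13T10:02:13Z 10.0.0.5 GET http://203.0.113.7/piplog.php?foo:bar 404",
    "2024-11-13T10:02:14Z 10.0.0.6 GET http://www.example.com/index.php?id=1 200",
    "2024-11-13T10:02:15Z 10.0.0.5 POST http://203.0.113.7/ppslog.php 200",
]

if __name__ == "__main__":
    for label, line in find_beacons(CONSTRUCTED_LOG):
        print(f"{label}\t{line}")
```

Matching on path plus query shape rather than on the placeholder host means the rule survives a C2 host change; the trade-off is that `/wcmd.htm` and `/ppslog.php` alone are weak indicators and are better used to corroborate a `piplog` hit from the same source than as stand-alone alerts.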

Targets

    • Target

      0175c28178e1e9ff29f3c02036bad25e8ec77abb5176347fde53d117258ec3d1

    • Size

      80KB

    • MD5

      460090a9f147691a3f4a65c8f429cf84

    • SHA1

      45203f8749c37001bd79493f8f9bc098c164c651

    • SHA256

      0175c28178e1e9ff29f3c02036bad25e8ec77abb5176347fde53d117258ec3d1

    • SHA512

      b8b29006d1b5bf46148013bf6593e09b3b9ec8be13912ac3f5f93ee7d31722f1d48d20bd039d867ac86e73fc3255fcd61a1f76e3d539b6a1cd38f7042e225ca1

    • SSDEEP

      1536:cgdn12xGn1vvi4m7WrtqNvq6kor3IuZ/Xv/pFeJuqnhCN:ExG1Zm7WrSRkor3I+/XnpFeJLCN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks