General

  • Target

    8011ac0cd9cafbcd37b2c13288ca0518b5d5694df6728257e010f9366e4da2f2

  • Size

    169KB

  • Sample

    241223-2r1mcatrdk

  • MD5

    47df2f0a16ed6540fe22b827cd516ba6

  • SHA1

    a050451d729c1d0f247bb6ef9a6b40d2d21a5c64

  • SHA256

    8011ac0cd9cafbcd37b2c13288ca0518b5d5694df6728257e010f9366e4da2f2

  • SHA512

    d2340adcf07270f86ba4009d4a8e9bd0337248d9fcb2719da7240026acc455d4609246ead863485e4c9b22efdeafc1775b3e8ad1267b6dcede9d3a6c3f2db6e4

  • SSDEEP

    3072:zQHrO/zC80a9JUYO1UgYuFkoOjhPxMeEvPOdgujv6NLPfFFrKP92f65Ha:du80cJrueo0hJML3OdgawrFZKPf9

Malware Config

  • Extracted

    Family

    berbew

    C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15