General

  • Target

    8413382b3bc69c6706f845995e3f6cae3d0d0e2e07c9b184abf02d0f94821fa7

  • Size

    96KB

  • Sample

    241223-2yyrbstqdx

  • MD5

    461a3d0a3a7652f0bdbc26a9a0918ebe

  • SHA1

    bfab57f4e2c4947facb372eb46db5ec91f64e4ec

  • SHA256

    8413382b3bc69c6706f845995e3f6cae3d0d0e2e07c9b184abf02d0f94821fa7

  • SHA512

    e1dd7fbcafb26a04e5ab0258b99b45a2a2168e21056ee063e876f776f3201bb80a9b7863537305e0fc2eb6d8598dd830874753b49db379030eab7c6b0b241823

  • SSDEEP

    1536:RMNv6GPyfBXSJsldQgrroYP7tX4T1lXAt7duV9jojTIvjr:qcGPypXSJsf3o/Pe7d69jc0v

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8413382b3bc69c6706f845995e3f6cae3d0d0e2e07c9b184abf02d0f94821fa7

    • Size

      96KB

    • MD5

      461a3d0a3a7652f0bdbc26a9a0918ebe

    • SHA1

      bfab57f4e2c4947facb372eb46db5ec91f64e4ec

    • SHA256

      8413382b3bc69c6706f845995e3f6cae3d0d0e2e07c9b184abf02d0f94821fa7

    • SHA512

      e1dd7fbcafb26a04e5ab0258b99b45a2a2168e21056ee063e876f776f3201bb80a9b7863537305e0fc2eb6d8598dd830874753b49db379030eab7c6b0b241823

    • SSDEEP

      1536:RMNv6GPyfBXSJsldQgrroYP7tX4T1lXAt7duV9jojTIvjr:qcGPypXSJsf3o/Pe7d69jc0v

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15