General

  • Target: a5b2a936a85340557e913bb9854a6cd3f746f61b1b485cdc78bf2ddd07c1579f
  • Size: 96KB
  • Sample: 241223-b7a4hstpbr
  • MD5: 87e3819e8dc5a1c544d573bddcd4e77f
  • SHA1: 4c63a54340ad516b44329ea311958e795af6d507
  • SHA256: a5b2a936a85340557e913bb9854a6cd3f746f61b1b485cdc78bf2ddd07c1579f
  • SHA512: 6ce0cba62bae8e5e169b9493757818abecbdd638ddfc70fd2bd04325d6f62f0f7894517c5fd72f758b22d1be7492f29058398f6accf5b05e12f2790b7d97837e
  • SSDEEP: 1536:B9MYssCbGQ4okputc4Rc0NfdZPzwmTPcC4QlmOM6bOLXi8PmCofGy:B9MYss4VRkpu6KzxPl4QlmDrLXfzoey

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks