General

  • Target: 99496da42444a945991f093c85a7c2d707e83216a914b33a6cd7ef0fd34f2615
  • Size: 72KB
  • Sample: 241223-bkmh2atlbj
  • MD5: f34c59cb9f5dfe34a8171fbfb8a31839
  • SHA1: 7b060c0dbaaed12ebc343302a9a6e54a749d62f0
  • SHA256: 99496da42444a945991f093c85a7c2d707e83216a914b33a6cd7ef0fd34f2615
  • SHA512: e4ae77d0aef2bbcadc2c4d391e7fcef2a0773a44f011fe9a521b9a6aa3b6a97a7332e11d989ba5d2c112bd9d888f9dc86bcb792c26fc30b2f8750c600cf73b77
  • SSDEEP: 1536:i0MdarMH46VarYXKeaPJieacU3S7N0CHYFB4+:udZ462uY8cU3006Yg+

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 99496da42444a945991f093c85a7c2d707e83216a914b33a6cd7ef0fd34f2615

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks