General

  • Target

    99af87e01bd37ecc8331d9b7bd479b26cf1579e9856ec855121a2b25a55b28ab

  • Size

    233KB

  • Sample

    241223-blff4stjay

  • MD5

    c93008647056b733fc6c10d54faff0ef

  • SHA1

    4efe3ccf26e3b4e311bb784d52622163df25a5f2

  • SHA256

    99af87e01bd37ecc8331d9b7bd479b26cf1579e9856ec855121a2b25a55b28ab

  • SHA512

    dbe046dd0031f870a84535e76527786cbdc6b3aeeb589e7174c6226919b030ca7e849dc50cbf6c609226740e05c81dbc7c62d5a681146779cb809d670ac216e1

  • SSDEEP

    6144:6mn9IQLvcrT5p2ZfRKB3A4U2dga1mcyw7I6BjtCYYs2:Bn9LYHfS5WHR1mK7fVtXP2

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      99af87e01bd37ecc8331d9b7bd479b26cf1579e9856ec855121a2b25a55b28ab

    • Size

      233KB

    • MD5

      c93008647056b733fc6c10d54faff0ef

    • SHA1

      4efe3ccf26e3b4e311bb784d52622163df25a5f2

    • SHA256

      99af87e01bd37ecc8331d9b7bd479b26cf1579e9856ec855121a2b25a55b28ab

    • SHA512

      dbe046dd0031f870a84535e76527786cbdc6b3aeeb589e7174c6226919b030ca7e849dc50cbf6c609226740e05c81dbc7c62d5a681146779cb809d670ac216e1

    • SSDEEP

      6144:6mn9IQLvcrT5p2ZfRKB3A4U2dga1mcyw7I6BjtCYYs2:Bn9LYHfS5WHR1mK7fVtXP2

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks