General

  • Target

    9c2802367297eb8e8fb1b93f71e8d16c42c9d7aea3e1963fa7d82a128a1d9f7a

  • Size

    72KB

  • Sample

    241223-bqarestje1

  • MD5

    b5cd2bf317d212648e1c1a230805c5bf

  • SHA1

    208a9d991c5bccb20f4c3207927c4f318d06a6ec

  • SHA256

    9c2802367297eb8e8fb1b93f71e8d16c42c9d7aea3e1963fa7d82a128a1d9f7a

  • SHA512

    8ac5a5b45cd14220e903170131d50adea56133d2192f4612357fbd3728ffde750a55dbe744e776ea5632f9daa11e0ed8b344bf561be3b9d4af052a99253697de

  • SSDEEP

    1536:QElYXuu/ur0HsnsWbnPZGb7oexfGUsxecYtw:QEl8uu/ufnsW7PZwFEzY+

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
