General

  • Target

    c2dc6fecf1d4bc4d75de5f25cd3b22a80f975b1139e6cc90513ac6d895606072

  • Size

    109KB

  • Sample

    241223-dazfysvmeq

  • MD5

    00c9b30507bfa9aff08b068033967995

  • SHA1

    6a44c5833e7cacd98eff9ca20137c6405eed29f6

  • SHA256

    c2dc6fecf1d4bc4d75de5f25cd3b22a80f975b1139e6cc90513ac6d895606072

  • SHA512

    d94c0bb3394f0c72de691bb5c1b2444884e3f4227394813e6fd2f650ba76f4425feabcd3e5709d57020b62063b0c9c23f8ce669f31b57b23f74f946cf3368db0

  • SSDEEP

    3072:mL8xMv+8PAVOhAF0gIrL8fo3PXl9Z7S/yCsKh2EzZA/z:YAVOhLgmLgo35e/yCthvUz

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      c2dc6fecf1d4bc4d75de5f25cd3b22a80f975b1139e6cc90513ac6d895606072


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks