General

  • Target: f1eca89a5ad9ec58eb8d7701507d8e2843ab4c52692893450f186a432f7fdcf8
  • Size: 96KB
  • Sample: 241223-e5gp3awkgy
  • MD5: 2f79c55c93a1b115889fae6a34f86330
  • SHA1: 0d791284a5b2f0c5b983d6a29897d8d3923d3da3
  • SHA256: f1eca89a5ad9ec58eb8d7701507d8e2843ab4c52692893450f186a432f7fdcf8
  • SHA512: 6425ffd7133785b81659c7253db1998114f247dc706b29dc6b3dc77863dcfba858ed89dac9d7b62e2cdba4cbeb011a8ff118aa28db21943d58d580ae3de7c084
  • SSDEEP: 1536:FI3ld3fLM5NF8fQNVQy+nnaQuPnsjfu1hOvbdj9HIrZmkZaAjWbjtKBvU:FI3D3GCfainaQwYehOvbdjKAkZVwtCU

Malware Config

Extracted

  • Family: berbew
  • C2:
    • http://f/wcmd.htm
    • http://f/ppslog.php
    • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks