General

  • Target: 03a1f54a72e18c66e96a9a03a11b3eb4b19b71a396277fc0eb6ae8065ab22c36
  • Size: 89KB
  • Sample: 241223-xsyrxsxrdx
  • MD5: b980f5193632706a63a180475aa312fc
  • SHA1: 41e1db5cb1c8af4ba4f59b21d403be91b69733fb
  • SHA256: 03a1f54a72e18c66e96a9a03a11b3eb4b19b71a396277fc0eb6ae8065ab22c36
  • SHA512: 09ae570b51cdab05843526badd28387369d111c7115ed9fc0d48c75b6c7c82fe284afe6bde1641501597772380254c00b6e63791dd50a51649243a163d5d5aff
  • SSDEEP: 1536:Ei5E5xheMgd0TPerei9kslmFKaY9Z+iH9K8sZUGTc7JlExkg8F:Ei+5GjIDiSst3H9KXTcFlakgw

Malware Config

Extracted

  • Family: berbew
  • C2:

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

    The %s, %i, %09u and %02d tokens in the last URL are C printf conversion specifiers: the sample fills them in at runtime, so this string is a request template rather than a literal URL.
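
The three C2 strings above are request templates, and the check a SOC analyst wants is whether any proxy traffic matches them. The following is an added example, not part of the report or of the sample's own code: it converts each template's printf-style conversions into a regex over the request path and query and runs that over constructed proxy log lines. It assumes the host "f" is a placeholder in the extracted config (the report shows no real hostname), so only path and query are matched; the log format, the IP addresses and the helper names (template_to_regex, find_c2_hits) are the example's own.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates exactly as the report's config extractor lists them.
# Assumption: the host "f" is a placeholder, so matching is done on
# path+query only.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion: %[flags][width][.precision]conv, or %% for a literal '%'
_SPEC = re.compile(r"%(?:(%)|([-+ 0#]*)(\d*)(?:\.\d+)?([sdiuxX]))")


def spec_to_regex(flags: str, width: str, conv: str) -> str:
    """Translate one printf conversion into a regex fragment.

    %s is treated as a single ':'-delimited field because the template itself
    uses ':' as the separator; numeric conversions honour a zero-padded width
    (e.g. %09u -> at least nine digits), and %d/%i may carry a minus sign.
    """
    if conv == "s":
        return r"[^:&\s]+"
    digits = r"[0-9A-Fa-f]" if conv in "xX" else r"\d"
    w = int(width) if width else 0
    quant = f"{{{w},}}" if ("0" in flags and w) else "+"
    sign = "-?" if conv in "di" else ""
    return f"{sign}{digits}{quant}"


def template_to_regex(template: str):
    """Compile a C2 URL template into an anchored regex over path+query."""
    parts = urlsplit(template)
    target = parts.path + (f"?{parts.query}" if parts.query else "")
    pieces, pos = [], 0
    for m in _SPEC.finditer(target):
        pieces.append(re.escape(target[pos:m.start()]))   # literal text between specs
        if m.group(1):                                      # "%%" -> literal percent
            pieces.append("%")
        else:
            pieces.append(spec_to_regex(m.group(2), m.group(3), m.group(4)))
        pos = m.end()
    pieces.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


C2_PATTERNS = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def find_c2_hits(log_lines):
    """Return (line_no, matched_template) for each proxy log line whose request
    URL's path+query matches one of the Berbew C2 templates."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        url = next((tok for tok in line.split()
                    if tok.startswith(("http://", "https://"))), None)
        if url is None:
            continue
        p = urlsplit(url)
        target = p.path + (f"?{p.query}" if p.query else "")
        for template, rx in C2_PATTERNS:
            if rx.match(target):
                hits.append((no, template))
                break
    return hits


# Constructed proxy log lines (not taken from the report):
# timestamp, client IP, method, URL, HTTP status. 203.0.113.10 is a
# documentation address standing in for the unknown C2 host.
SAMPLE_LOG = [
    "1700000000.123 10.0.0.5 GET http://203.0.113.10/wcmd.htm 200",
    "1700000001.456 10.0.0.5 GET http://203.0.113.10/piplog.php?WORKSTATION-7:1:0:abc123:000004521:3:12:05:09 200",
    "1700000002.789 10.0.0.6 GET http://example.com/index.php?page=1 200",
    "1700000003.001 10.0.0.5 POST http://203.0.113.10/ppslog.php 200",
    "1700000004.002 10.0.0.7 GET http://203.0.113.10/piplog.php?missing 404",
]

if __name__ == "__main__":
    for no, template in find_c2_hits(SAMPLE_LOG):
        print(f"line {no}: matches {template}")
```

Matching on path and query rather than on the full URL is deliberate: the extracted config carries no usable host, and the beacon's distinctive part is the nine-field, colon-separated query with a zero-padded nine-digit counter. A request to piplog.php that does not carry that exact field layout (the last constructed line) is not flagged, which keeps the rule tight enough to run against bulk proxy logs.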

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
