General

  • Target: 12dbf4d21a26305b765d0321bad73fb71acb78a9283f272db93038ffeafd722f
  • Size: 96KB
  • Sample: 241223-ybbfqsynay
  • MD5: 46574a9060d1abdbbb1b4a4244c4e28d
  • SHA1: 002c0dceafd6208f5a757eead6a9d2870495ac1a
  • SHA256: 12dbf4d21a26305b765d0321bad73fb71acb78a9283f272db93038ffeafd722f
  • SHA512: a21fc635e3c7e40632b8765d6b27eb1faee3c6eb05e886c1a3f3740daa4c3b915b9eea72b56f2730657d68b052569ab63d2b44119a838606f8fdedb6822a292c
  • SSDEEP: 1536:7cc7lDTv+6wEQnxCcZxCf3hnKz+ouNT16MB/BOmVCMy0QiLiizHNQNdq:7FT+Qczq3hKzB+3B5OmVCMyELiAHONdq

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks