General

  • Target: 243ccd77aefb48d0dcd770fd668ebb8bb6298bdd2c52000abec59d052fb67411
  • Size: 74KB
  • Sample: 241223-yv9gwazmbk
  • MD5: 1b71b23ec6e85676dd55508d7e176860
  • SHA1: e0c6b980e7b35e4e4442278bfd0ae319816632c3
  • SHA256: 243ccd77aefb48d0dcd770fd668ebb8bb6298bdd2c52000abec59d052fb67411
  • SHA512: c55da44130ac6e4ee91775c4d8a229cca45e14fc1d2d189a7f922abd94eaea87843da77d5ebe077819a77ba7890b228d5bacfca549840ee2ddb17b8b16ca2e2a
  • SSDEEP: 1536:t54xZWaDOrZeHFdPXzI1u1uwn0YBYKVsFZ6zT:tqWm7fvzI1u1OYBYKVsb6zT

Malware Config

Extracted

Family: berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 243ccd77aefb48d0dcd770fd668ebb8bb6298bdd2c52000abec59d052fb67411

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks