General

  • Target

    48592f8974809e8b8bc430c87ab6ad2b85b8350ed8d5672af3c025c6b1ee6d95

  • Size

    96KB

  • Sample

    241223-z1ckrs1pfq

  • MD5

    87a3b74d7ac5bdfe83b7fe9a1f00e045

  • SHA1

    93c1682483485fbc655940eb9597f142180ce3b9

  • SHA256

    48592f8974809e8b8bc430c87ab6ad2b85b8350ed8d5672af3c025c6b1ee6d95

  • SHA512

    835156cad663b62c65b228c72b7dffc71718421a7bc4af1fa554aadfdf0036f0b461272dc6d03550e18db7e82a803e00c79f1604f692b816b098023be17d6601

  • SSDEEP

    1536:NO3pA0OT01DMBnR2kKjOttrsni8mEm1axzo54160ZLcbZ/5chrUQVoMdUT+irF:N+A0b5qR2kKjsW+1Iy474Bqhr1Rhk

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
