General

  • Target: 3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed
  • Size: 400KB
  • Sample: 241223-zhr8ha1jax
  • MD5: 647c83e180f307deb227a206dfac2562
  • SHA1: 70581ad90f6be18b5f4fd11b65606ed7159034e2
  • SHA256: 3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed
  • SHA512: f335056248baec73501a637949a518520f594504239a239b764948ba40135ed4f9acb93ea043dc376eff6c3e034ea3d487495559a3aa00ad53f6615236e26629
  • SSDEEP: 12288:7puUcoV3/+zrWAI5KFum/+zrWAIAqWim/k:7xcc3m0BmmvFimc

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed
    • Size: 400KB
    • MD5: 647c83e180f307deb227a206dfac2562
    • SHA1: 70581ad90f6be18b5f4fd11b65606ed7159034e2
    • SHA256: 3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed
    • SHA512: f335056248baec73501a637949a518520f594504239a239b764948ba40135ed4f9acb93ea043dc376eff6c3e034ea3d487495559a3aa00ad53f6615236e26629
    • SSDEEP: 12288:7puUcoV3/+zrWAI5KFum/+zrWAIAqWim/k:7xcc3m0BmmvFimc

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew
      Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks