General

  • Target

    ac1b744ae147f199c02ee5281bcf1039fe72e3324c81de3dfda9e241b8655bbe

  • Size

    74KB

  • Sample

    241224-ap2yvawnbv

  • MD5

    44fdc773009c98d994c6ee718fd8b294

  • SHA1

    bd363e34481ed07c1ab3553d5320a8f445b87722

  • SHA256

    ac1b744ae147f199c02ee5281bcf1039fe72e3324c81de3dfda9e241b8655bbe

  • SHA512

    4d70f6c1de5c9f32f4fe24af0c0b02776110d608b2ede2e3e0a92aa6dfafbfcd62981b2d64cfb191a958d9e7d7e78041c9464d8898933cbfda7c69ec5634edaa

  • SSDEEP

    1536:wYdhJH7Z9TS+mxlygaWh2xes7TfIMMZhDnyD3IV:VH7Z0/c8CDTfIMyZnmIV

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
