General

  • Target: 1015c339ac6b00827152b9e2a4cf3bf3ad144c1142b654f94a5c71e60afe9fda
  • Size: 77KB
  • Sample: 241224-ycrt4svqer
  • MD5: cb8833f6ba097efe61a9920994a2d477
  • SHA1: 71a86728629f79e3c32e7e1585135ab8ddb5c54f
  • SHA256: 1015c339ac6b00827152b9e2a4cf3bf3ad144c1142b654f94a5c71e60afe9fda
  • SHA512: f65d9674733a014c106f1921c2703d56b50c9bcf4772fb7f768b53c211ba24fd8641d3899ac08452f3972aaac109194bc431350e0b1e35c31743ee4f2abd495e
  • SSDEEP: 1536:0AmTi5RnQJsYZK+spNWQLC2m0zz85Vc9jh:0A4iboJZK+syQLCv+z85uxh

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15