General

  • Target

    8d1df4629a3e1209f697a28f94b42025b345343988ffe9373bae7f86dc80e168

  • Size

    93KB

  • Sample

    241225-aqyb2s1rev

  • MD5

    9abd940db462d8d7b0529308375916b2

  • SHA1

    537bbe4598993916b49bbd0414fe086b49f1de67

  • SHA256

    8d1df4629a3e1209f697a28f94b42025b345343988ffe9373bae7f86dc80e168

  • SHA512

    3a3a20eb449fe298d33d440bc0d27b1314ffbc6f4229bece66ede3e36a38ea844b25ae3d4092546d5f5cf3db1a84a6af3c5e02a0cb5e95a90b8d8f850b71539f

  • SSDEEP

    1536:n0bp+/G8QqSsigZ0M4Wwgqa5ufFTEklnst7tdITNjiwg58:6SQqP//vwB4GE97zIJY58

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15