General

  • Target

    f870f8f5c403349e4eec42051cfdbfa791b73a7d61e1c21a4ddf20ab62e28ddd

  • Size

    2.5MB

  • Sample

    241225-ey3c7axqax

  • MD5

    4603eeb15bde3a25bf78fdb01a06ea85

  • SHA1

    2da78ea385aea1ea07e81a034fc541cc68b99a81

  • SHA256

    f870f8f5c403349e4eec42051cfdbfa791b73a7d61e1c21a4ddf20ab62e28ddd

  • SHA512

    cbb7f11c36b26aaf1bc835e3d94daa388644304241ddb5fc9ac7504c93000489414a6f00cd4d375a8ce309f13d50be7ab9844fd12cd13f50564662fb8c4fbb7f

  • SSDEEP

    12288:xu5kY660JVaw0HBHOehl0oDL/eToo5Li2:xu5gdVaw0HBFhWof/0o8

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks