General

  • Target

    23dd1bc1133452f8668ba23e7fef5163cf5e06d682b6e95c5b207a9f834defb6

  • Size

    109KB

  • Sample

    250127-zbct8svner

  • MD5

    a9033fa50c8a6ea90bf04fa12705c2b6

  • SHA1

    17d598daa8c6146e1694a8b93813ac2db127b8ab

  • SHA256

    23dd1bc1133452f8668ba23e7fef5163cf5e06d682b6e95c5b207a9f834defb6

  • SHA512

    b0373e915a7ccf6ad599e1db78b7aeff7a34e549cc104a7ff4f4f83a062b9f910f6371c8276bb3e35651af28f44abcd452447e370f37328d0bbd8823b69d446b

  • SSDEEP

    3072:dueVGZOspCve+A8fo3PXl9Z7S/yCsKh2EzZA/z:gecZXgv/Ago35e/yCthvUz

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      23dd1bc1133452f8668ba23e7fef5163cf5e06d682b6e95c5b207a9f834defb6

    • Size

      109KB

    • MD5

      a9033fa50c8a6ea90bf04fa12705c2b6

    • SHA1

      17d598daa8c6146e1694a8b93813ac2db127b8ab

    • SHA256

      23dd1bc1133452f8668ba23e7fef5163cf5e06d682b6e95c5b207a9f834defb6

    • SHA512

      b0373e915a7ccf6ad599e1db78b7aeff7a34e549cc104a7ff4f4f83a062b9f910f6371c8276bb3e35651af28f44abcd452447e370f37328d0bbd8823b69d446b

    • SSDEEP

      3072:dueVGZOspCve+A8fo3PXl9Z7S/yCsKh2EzZA/z:gecZXgv/Ago35e/yCthvUz

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks