General

  • Target

    c27ebaef63770bde67320c6b58f04b7092a7734dc02d8d7cbee3281eb32774ddN

  • Size

    96KB

  • Sample

    241107-ehexysvhmm

  • MD5

    524545b482b1e3c14d30a0feb3c757f0

  • SHA1

    d70ba9ae3f34761e8ccd63c26fec2273f3e563c2

  • SHA256

    c27ebaef63770bde67320c6b58f04b7092a7734dc02d8d7cbee3281eb32774dd

  • SHA512

    006c3c8fb9a31ea1c3b54f9c99b8d531ed4f9491b8b3e16a652dcbc7ea9567b1f9d7a2adb64aa8320138d858410645f3484b3628abf5dfda53f51e5278f38f3b

  • SSDEEP

    1536:qix4BTjR3uWvGtnN3gMvr1zFlxiBH8DQUCXNxIJ62tl74S7V+5pUMv84WMRw8Dkb:qo4VjReWvGtnN3jvr1zFvkHwQUCdxIJV

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15