General

  • Target

    8d83cf810772bdb5e7f29331c38adc0ef9e354a0bedbd7522e3229befe4e4357.exe

  • Size

    90KB

  • Sample

    241111-msj9esydpc

  • MD5

    7f3c2a91c2a290453618c556a08008f9

  • SHA1

    dd1b298136aba0044d11f3781a75fe8ae454a78c

  • SHA256

    8d83cf810772bdb5e7f29331c38adc0ef9e354a0bedbd7522e3229befe4e4357

  • SHA512

    6c75999d5fd145667ad17272df36e32325f4cbe679f0e51a608e025880f3bb44adc35c1fbf9d8848709b72a64b311e940ff15584b19b73be70e48939b226a7d8

  • SSDEEP

    1536:4gqRorQ5n0GL/g6DneDv8/NeT9aGt4JvRGFQlAuPRKj7on7OBDr0wmuDQi65SMo1:4doMZ/lwkI9agk5PRK3onCr/pSSbG1uV

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      8d83cf810772bdb5e7f29331c38adc0ef9e354a0bedbd7522e3229befe4e4357.exe

    • Size

      90KB

    • MD5

      7f3c2a91c2a290453618c556a08008f9

    • SHA1

      dd1b298136aba0044d11f3781a75fe8ae454a78c

    • SHA256

      8d83cf810772bdb5e7f29331c38adc0ef9e354a0bedbd7522e3229befe4e4357

    • SHA512

      6c75999d5fd145667ad17272df36e32325f4cbe679f0e51a608e025880f3bb44adc35c1fbf9d8848709b72a64b311e940ff15584b19b73be70e48939b226a7d8

    • SSDEEP

      1536:4gqRorQ5n0GL/g6DneDv8/NeT9aGt4JvRGFQlAuPRKj7on7OBDr0wmuDQi65SMo1:4doMZ/lwkI9agk5PRK3onCr/pSSbG1uV

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks