General

  • Target: 0a23f135f1523e186408b95ff37d0963d00be96e3e66571393b6c0f87085525bN.exe
  • Size: 357KB
  • Sample: 241111-my145ayenf
  • MD5: ea0d13ff329cddf5e28e535451b4a0b3
  • SHA1: a09f9564905a364f69c9d24c5cb5c85fb702db07
  • SHA256: 7585d8999e1411041c1cb2bb9a127bf3c5dd8264ad3c51e261ef7ed3580756f1
  • SHA512: 65b99c6e20b973e69a6f1a5a62892d5eddb964062b48b41ed49a81fd699545028297fa46134dae025cded18188b70a406090be396fa84142f1d01c8e35c76605
  • SSDEEP: 6144:oDYCt59MMegm11n6xJmPMwZoXpKtCe8AUReheFlfSZR0SvsuFrGoyeg3kl+fiXFO:ofqZoXpKtCe1eehil6ZR5ZrQeg3kljFO

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 0a23f135f1523e186408b95ff37d0963d00be96e3e66571393b6c0f87085525bN.exe

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15