General

  • Target

    b43aa91f27d415276d44a3fef48627badb38a9bdf4bfa36a3e794eba35f8fde0N.exe

  • Size

    384KB

  • Sample

    241111-p9xl7azbjq

  • MD5

    211d5c46286996d1af455083f93b3f8b

  • SHA1

    986cf8996d388cd057e5f6879c2eaaada92e5c40

  • SHA256

    603477f2c751204d01786ee2a2bdac7134162e1116984c3f440a0582f013bc59

  • SHA512

    dc70107b638249aaa4e266212398da3389e1cc26fa4aa2bd8b7521cc42803227fe0ded6e4f853f9fead9cb51fa80632cf3894a4c60d32ce395ab4cb9776d09ed

  • SSDEEP

    12288:He71LMGyXu1jGG1wsGeBgRTGAzciETdqvZNemWrsiLk6i:+7aGyXsGG1wsLUT3IiH

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
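The extracted C2 entries are printf-style templates rather than literal URLs (the `%s`, `%i`, `%09u` and `%02d` fields are filled in by the bot at beacon time, and the host `f` is presumably a placeholder left by the config extractor rather than a real hostname; both are assumptions here). The script below is an added example, not part of this sandbox report or of the Berbew code: it turns those templates into regular expressions that match what the backdoor would actually request, runs them over a few constructed proxy-log lines, and checks a file on disk against the MD5/SHA1/SHA256/SHA512 values listed above. The log lines and the IP 203.0.113.7 are constructed for the example.

```python
"""Added example: detection logic built from the IOCs in the report above.
Not code from the report or from the Berbew sample itself."""
import hashlib
import re

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "211d5c46286996d1af455083f93b3f8b",
    "sha1": "986cf8996d388cd057e5f6879c2eaaada92e5c40",
    "sha256": "603477f2c751204d01786ee2a2bdac7134162e1116984c3f440a0582f013bc59",
    "sha512": "dc70107b638249aaa4e266212398da3389e1cc26fa4aa2bd8b7521cc42803227"
              "fe0ded6e4f853f9fead9cb51fa80632cf3894a4c60d32ce395ab4cb9776d09ed",
}

# C2 templates copied from the extracted config. The host "f" is assumed to be
# an extractor placeholder, so matching is done on the path only and any host
# is accepted.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_FMT = re.compile(r"%(0?)(\d*)([sdiu])")


def template_to_regex(template: str) -> re.Pattern:
    """Translate a printf template into a regex for the URL the bot would send.

    %s  -> one or more characters that are not a field separator
    %i  -> optionally signed integer, %u -> unsigned integer
    %0Nx -> zero-padded, so at least N digits (printf pads to a minimum width)
    """
    path = template.split("/", 3)[3]  # drop "http://<host>/"
    parts, pos = [], 0
    for m in _FMT.finditer(path):
        parts.append(re.escape(path[pos:m.start()]))
        zero, width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:/?&\s]+")
        elif width and zero:
            parts.append(r"\d{%s,}" % width)
        elif conv == "u":
            parts.append(r"\d+")
        else:
            parts.append(r"-?\d+")
        pos = m.end()
    parts.append(re.escape(path[pos:]))
    return re.compile(r"https?://[^/\s]+/" + "".join(parts))


C2_PATTERNS = [template_to_regex(t) for t in C2_TEMPLATES]


def match_beacon(url: str):
    """Return the template a full URL matches, or None."""
    for tmpl, pat in zip(C2_TEMPLATES, C2_PATTERNS):
        if pat.fullmatch(url):
            return tmpl
    return None


def scan_proxy_log(lines):
    """Return [(line_no, template)] for lines whose URL token matches a C2 template."""
    hits = []
    for n, line in enumerate(lines, 1):
        for tok in line.split():
            if tok.startswith("http"):
                tmpl = match_beacon(tok)
                if tmpl:
                    hits.append((n, tmpl))
                break  # one URL field per line
    return hits


def hashes_match(data: bytes) -> dict:
    """Compare every report hash against the given bytes; True means a match."""
    return {name: hashlib.new(name, data).hexdigest() == value
            for name, value in REPORT_HASHES.items()}


def check_file_hashes(path: str) -> dict:
    """Same as hashes_match, for a file on disk."""
    with open(path, "rb") as f:
        return hashes_match(f.read())


# Constructed proxy-log lines (not from the report): line 2 is a well-formed
# piplog.php beacon, line 3 the command fetch, line 4 has a too-short %09u field.
SAMPLE_PROXY_LOG = [
    "2024-11-11T10:00:01 10.0.0.5 GET http://www.example.com/index.html 200",
    "2024-11-11T10:00:07 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN-ABC:1:0:5.1:000123456:7:10:05:33 200",
    "2024-11-11T10:00:09 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200",
    "2024-11-11T10:00:12 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN-ABC:1:0:5.1:123:7:10:05:33 404",
]

if __name__ == "__main__":
    for line_no, tmpl in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"line {line_no}: matches {tmpl}")
```

The zero-padded conversions are mapped to "at least N digits" rather than "exactly N" because printf widths are minimums; that keeps the `%09u` field strict enough to reject the malformed line 4 while not dropping a legitimate beacon whose counter has grown past nine digits. Hashing a candidate file with `check_file_hashes` is only meaningful against this exact sample; a recompiled or repacked Berbew build will not match any of the four digests, which is why the SSDEEP value in the report is the one to use for near-match hunting.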

Targets

    • Target

      b43aa91f27d415276d44a3fef48627badb38a9bdf4bfa36a3e794eba35f8fde0N.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks