General

  • Target: df21f0a2da43f6304b64b39f27164c4382853f726e11706e92d4dd47f1552296N.exe
  • Size: 207KB
  • Sample: 241111-pdfzkasnbj
  • MD5: 44d549d03f6322352ffb788a2b9afb79
  • SHA1: 910a242dbc5e4262c70ec0210932944a6b6d7359
  • SHA256: cddd876c9847b79f49b772d1206d77ea1061290ac99b986d95acfead5f4068f3
  • SHA512: 5be803817c0dc3429c8c0e891443ea8a4269523cfa56a22448cb575643c0dffb6e0a3d25ba4ebebdf5b92ac1101341b81229a9e3bdec82ec65c78b3ce20813aa
  • SSDEEP: 3072:Xw795OtE/r30x+nNLQ25NluIalvVjoSdoxx4KcWmjRrzyAyAtWgoJSWYVo2ASOvJ:S95OtEIx2NlelvVjj+VPj92d62ASOwje

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
