General

  • Target

    08a30dee9cfecef451b9d1ad2da84da3bcd74309a5c55ba276b9e8d3b03b2f48N.exe

  • Size

    768KB

  • Sample

    241111-pnakjayhkr

  • MD5

    0c750354d7a0c87f4e707b4e2a40bb3b

  • SHA1

    293b2e47f79a82de23971d45ffbd4ea3eb3176dd

  • SHA256

    e8eaf9490dbbcc19dc3e90ea6bda091755ee82221b291fe70ed19d48594c9c31

  • SHA512

    80c6827144241e041f4b5480d9e033f93f018b9fe5d5a70601cdd6e31ced05c1b7152b9e88fccad959f9525b9e372ea127117c2d3657da943d0a606114c44f38

  • SSDEEP

    24576:31Lim0BmmvFimm0Xcr6VDsEqacjgqANXcolMZ5nNxvM0oL+:lLGiTWVDBzcjgBNXcolMZ5nNxvM0oL+

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      08a30dee9cfecef451b9d1ad2da84da3bcd74309a5c55ba276b9e8d3b03b2f48N.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15