General

  • Target

    0b8a7b71512d4671d5c0390a5b13c8bc93dbde9ad3651845885d9dac5c7b278aN.exe

  • Size

    669KB

  • Sample

    241111-pwwgzazcpb

  • MD5

    03a19575a05aff9b7e65663a25636253

  • SHA1

    6019aa67f2d16b00097cc65e7ef1c98bfa11b860

  • SHA256

    bc3cb5985b7cd4486ad5446b7a61965c1677487d8608ca5d27df5530afb0c97d

  • SHA512

    6abab367bb5088b5c3d3be28e2e60bc26b8b78eb9e4a2e1238df56b21b568c186f0c3c9dd8520a428dad5346f07f3d30dfdd3cbdee1751a058ec24b01e03dbca

  • SSDEEP

    12288:i/VwN3eVKhMpQnqr+cI3a72LXrY6x46UbR/qYglM0:yV0OchMpQnqrdX72LbY6x46uR/qYglM0

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      0b8a7b71512d4671d5c0390a5b13c8bc93dbde9ad3651845885d9dac5c7b278aN.exe

    • Size

      669KB

    • MD5

      03a19575a05aff9b7e65663a25636253

    • SHA1

      6019aa67f2d16b00097cc65e7ef1c98bfa11b860

    • SHA256

      bc3cb5985b7cd4486ad5446b7a61965c1677487d8608ca5d27df5530afb0c97d

    • SHA512

      6abab367bb5088b5c3d3be28e2e60bc26b8b78eb9e4a2e1238df56b21b568c186f0c3c9dd8520a428dad5346f07f3d30dfdd3cbdee1751a058ec24b01e03dbca

    • SSDEEP

      12288:i/VwN3eVKhMpQnqr+cI3a72LXrY6x46UbR/qYglM0:yV0OchMpQnqrdX72LbY6x46uR/qYglM0

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks