General

  • Target

    370cd9504795dc70415fd1c25d2469943789a362d027fcd4161eea972555e549.exe

  • Size

    400KB

  • Sample

    241112-nmqdxssamc

  • MD5

    e83730ea93da9fa3a6eda3b4a3c1ac9c

  • SHA1

    b2d9dbf112597969bd3c74dff2e2f84288f2ab40

  • SHA256

    370cd9504795dc70415fd1c25d2469943789a362d027fcd4161eea972555e549

  • SHA512

    bdebe013a454cb1ca009319a6e837d18f55a2c860e6e8759a6b098353e6ae8113b1e9477a4222229ed0a48ee1a3210124bd5e86a6a688cf705fe80b93e19e64e

  • SSDEEP

    6144:wFyGz/OSN7QO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwHlGrh/tObQOg:6yGz/h/+zrWAI5KFum/+zrWAIAqWim/g

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      370cd9504795dc70415fd1c25d2469943789a362d027fcd4161eea972555e549.exe

    • Size

      400KB

    • MD5

      e83730ea93da9fa3a6eda3b4a3c1ac9c

    • SHA1

      b2d9dbf112597969bd3c74dff2e2f84288f2ab40

    • SHA256

      370cd9504795dc70415fd1c25d2469943789a362d027fcd4161eea972555e549

    • SHA512

      bdebe013a454cb1ca009319a6e837d18f55a2c860e6e8759a6b098353e6ae8113b1e9477a4222229ed0a48ee1a3210124bd5e86a6a688cf705fe80b93e19e64e

    • SSDEEP

      6144:wFyGz/OSN7QO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwHlGrh/tObQOg:6yGz/h/+zrWAI5KFum/+zrWAIAqWim/g

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks