General

  • Target

    6dfac83e3d6dafd8b7d67d89f4457a9a65d27dcf4114aea1169e5391a82c1fd7N.exe

  • Size

    378KB

  • Sample

    241112-nrwrhasble

  • MD5

    f4a2a78b9c8b5e4be98e0bc4757d7c74

  • SHA1

    dd537db9aa33e5f7f8ddfaac45cb6a9196bdf7bf

  • SHA256

    9d2528b51a82a500bc0693c4feafae8467978aca3a675233265f17eb525a7214

  • SHA512

    af51a6f471983b043091a73eee502ca8db10e0542ad76fa5fef1c66a52b4e54569b79c2fc026b59b58b17b4c95ec58d347bec5abad1dd1e0ef569c77c9b02f92

  • SSDEEP

    6144:cq8oSpgS+EHeYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTQn:cqKHeYr75lTefkY660fIaDZkY660f2l3

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      6dfac83e3d6dafd8b7d67d89f4457a9a65d27dcf4114aea1169e5391a82c1fd7N.exe

    • Size

      378KB

    • MD5

      f4a2a78b9c8b5e4be98e0bc4757d7c74

    • SHA1

      dd537db9aa33e5f7f8ddfaac45cb6a9196bdf7bf

    • SHA256

      9d2528b51a82a500bc0693c4feafae8467978aca3a675233265f17eb525a7214

    • SHA512

      af51a6f471983b043091a73eee502ca8db10e0542ad76fa5fef1c66a52b4e54569b79c2fc026b59b58b17b4c95ec58d347bec5abad1dd1e0ef569c77c9b02f92

    • SSDEEP

      6144:cq8oSpgS+EHeYr75lHzpaF2e6UK+42GTQMJSZO5f7M0rx7/hP66qve6UK+42GTQn:cqKHeYr75lTefkY660fIaDZkY660f2l3

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
