General

  • Target

    544f880f272b96be85cbeb060473a950f4ffc97382cf202f7066faf55c1aa09eN.exe

  • Size

    144KB

  • Sample

    241112-pcvfkavqfm

  • MD5

    2ba51d4765d738b5c59c21b41dfd325d

  • SHA1

    df484001e8c903ea8b8f71a3e81af48291bbd19b

  • SHA256

    514d7b3867e25671e7a712c8001ed5f2bad3af24aedf25cbfa025d339e2d8ba0

  • SHA512

    1f40c9656c646172162bafce736b726c2a9b40ef8d1fed3ecb0413038f1723d7a0e9e920680d69b439268b9ec3f27d4bc63f5008ec54a552dbb0deb95c7d3f91

  • SSDEEP

    3072:t6aXuhpHfpvM4hhqBRzWwdlWLhR1zdH13+EE+RaZ6r+GDZnBcVx:cfxvMdH2b1zd5IF6rfBBcVx

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
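The third C2 entry is a printf-style template, so matching it in proxy or web logs needs the format specifiers turned into a pattern rather than a literal string compare. The following Python is an added example and not part of the sandbox report or of the Berbew sample itself. It assumes the host component "f" in the extracted config is not useful for matching (it is carried over verbatim and ignored; only path and query shape are keyed on), that widths such as %09u and %02d mean "at least that many digits" because the malware zero-pads them, and that the ':'-delimited query values contain no ':' themselves. The proxy log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# C2 URL templates copied from the extracted config above. The host "f" is kept
# as the report shows it; the matcher keys on path + query shape only (assumption).
BERBEW_C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_CONV = re.compile(r"%(\d*)([sdiu])")


def format_to_regex(fmt: str) -> str:
    """Convert a printf-style template into a regex source string.

    %s matches a run of non-separator characters (the template uses ':' as its
    field separator), %d/%i match a signed integer and %u an unsigned one.
    A width such as %09u or %02d becomes a minimum digit count (assumption:
    the beacon zero-pads to that width).
    """
    parts, pos = [], 0
    for m in _CONV.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        min_digits = int(width) if width else 1
        if conv == "s":
            parts.append(r"[^:\s&]+")
        elif conv == "u":
            parts.append(r"\d{%d,}" % min_digits)
        else:  # d / i
            parts.append(r"-?\d{%d,}" % min_digits)
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return "".join(parts)


def compile_c2_matchers(templates):
    """Return (template, compiled regex) pairs anchored on path and query."""
    matchers = []
    for t in templates:
        u = urlsplit(t)
        src = re.escape(u.path)
        if u.query:
            src += r"\?" + format_to_regex(u.query)
        else:
            # Endpoints with no query in the template may still be hit with one.
            src += r"(?:\?.*)?"
        matchers.append((t, re.compile("^" + src + "$")))
    return matchers


MATCHERS = compile_c2_matchers(BERBEW_C2_TEMPLATES)


def classify_request(url: str):
    """Return the C2 template a requested URL matches, or None."""
    u = urlsplit(url)
    target = u.path + ("?" + u.query if u.query else "")
    for template, rx in MATCHERS:
        if rx.match(target):
            return template
    return None


# Constructed proxy log: "<timestamp> <client> <method> <url> <status>".
SAMPLE_PROXY_LOG = """\
2024-11-12T10:03:11Z 10.0.0.5 GET http://203.0.113.10/wcmd.htm 200
2024-11-12T10:03:12Z 10.0.0.5 GET http://203.0.113.10/piplog.php?WIN-PC1:2:0:user:000123456:1:10:03:12 200
2024-11-12T10:03:20Z 10.0.0.7 GET http://example.org/index.php?a=1 200
2024-11-12T10:03:25Z 10.0.0.5 POST http://203.0.113.10/ppslog.php 200
2024-11-12T10:03:30Z 10.0.0.9 GET http://203.0.113.10/piplog.php?notes=hello 404
"""


def scan_proxy_log(text: str):
    """Return (client, url, template) for every log line that matches a template."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        _ts, client, _method, url, _status = fields[:5]
        template = classify_request(url)
        if template:
            hits.append((client, url, template))
    return hits


if __name__ == "__main__":
    for client, url, template in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url}  (matches {template})")
```

The last sample line hits /piplog.php with a query that does not fit the nine-field ':' layout, so it is not reported; the shape check is what separates a beacon from an unrelated request to a same-named path.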

Targets

    • Target

      544f880f272b96be85cbeb060473a950f4ffc97382cf202f7066faf55c1aa09eN.exe

    • Size

      144KB

    • MD5

      2ba51d4765d738b5c59c21b41dfd325d

    • SHA1

      df484001e8c903ea8b8f71a3e81af48291bbd19b

    • SHA256

      514d7b3867e25671e7a712c8001ed5f2bad3af24aedf25cbfa025d339e2d8ba0

    • SHA512

      1f40c9656c646172162bafce736b726c2a9b40ef8d1fed3ecb0413038f1723d7a0e9e920680d69b439268b9ec3f27d4bc63f5008ec54a552dbb0deb95c7d3f91

    • SSDEEP

      3072:t6aXuhpHfpvM4hhqBRzWwdlWLhR1zdH13+EE+RaZ6r+GDZnBcVx:cfxvMdH2b1zd5IF6rfBBcVx

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks