General

  • Target

    013e18fc39024dc40a44a201f2dff243d69c40e6d82638dce874ee563954f74eN.exe

  • Size

    121KB

  • Sample

    241112-pjhqcasflb

  • MD5

    95a18b775014577dc42628a37bae4ac7

  • SHA1

    bad59517f9ae27b2eb2379880f1e3de4bff4aa9a

  • SHA256

    8ecdd910d1532c936904a707a37abbbe275a09a86dfb8dc7f49a61dc25a39a79

  • SHA512

    f2b0f8d3b1b1de12e7b5b6473de1a3da7c1654ee6ff12b5d31b3fcf1159e99ed4b386c619ed6e2ca28c7c4feae5b15ef6c8fe27238fe71f7dc120f3a415473fd

  • SSDEEP

    3072:VMZ4hulJBoCBoPker6Rdhd+O7AJnD5tvo:VmGQoPqjd+Oarvo

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
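The third C2 entry is a printf-style template: the sample fills the `%s`, `%i`, `%09u` and `%02d` slots at runtime before requesting the URL, so a literal string match on it will never fire in proxy logs. The block below is an added example (not part of this report and not Berbew's own code) that turns each extracted template into a regular expression and runs it over a few constructed proxy log lines. It assumes the `f` host is an extractor placeholder and wildcards it, treats a zero-padded width such as `%09u` as a minimum digit count, and makes no claim about what the nine colon-separated fields mean.

```python
import re

# C2 URL templates as extracted in the report. The host "f" is assumed to be
# a placeholder left by the config extractor, so it is replaced by a wildcard.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversions seen in the template: optional width, then s/i/d/u.
_FMT = re.compile(r"%(\d+)?([sidu])")


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Convert a printf-style URL template into a regex for concrete beacons.

    %s  -> any run of non-colon, non-space characters (fields are ':'-separated)
    %i/%d/%u with width N -> at least N digits (zero padding only sets a minimum)
    %i/%d/%u without width -> one or more digits
    """
    path = template[len("http://f"):]  # keep only the path and query
    parts = []
    pos = 0
    for m in _FMT.finditer(path):
        parts.append(re.escape(path[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        if conv == "s":
            parts.append(r"[^:\s]*")
        elif width:
            parts.append(r"-?\d{%d,}" % int(width))
        else:
            parts.append(r"-?\d+")
        pos = m.end()
    parts.append(re.escape(path[pos:]))
    # Any scheme/host, then the exact path/query shape, anchored at both ends.
    return re.compile(r"^https?://[^/\s]+" + "".join(parts) + r"$")


def find_beacons(log_lines):
    """Return (template, url) pairs for every whitespace-separated token in the
    log lines that matches one of the C2 templates."""
    patterns = [(t, template_to_regex(t)) for t in C2_TEMPLATES]
    hits = []
    for line in log_lines:
        for token in line.split():
            for template, pattern in patterns:
                if pattern.match(token):
                    hits.append((template, token))
    return hits


def beacon_fields(url: str):
    """Split the query of a matched piplog.php URL into its nine positional
    fields. Their meaning is not documented in the report, so they are
    returned as-is rather than named."""
    query = url.split("?", 1)[1]
    return query.split(":")


# Constructed proxy log lines for demonstration (not real traffic; the host
# example.invalid stands in for whatever the real C2 resolves to).
SAMPLE_LOG = [
    "2024-11-12T10:01:03Z 10.0.0.5 GET "
    "http://example.invalid/piplog.php?WORKSTATION1:1:0:abc:000012345:7:11:12:10 200",
    "2024-11-12T10:01:09Z 10.0.0.5 GET http://example.invalid/wcmd.htm 200",
    "2024-11-12T10:02:00Z 10.0.0.7 GET http://example.invalid/index.html 200",
]

if __name__ == "__main__":
    for template, url in find_beacons(SAMPLE_LOG):
        print(f"{template}\n  -> {url}")
        if "piplog.php" in template:
            print("  fields:", beacon_fields(url))
```

The pattern is anchored at both ends and requires the full colon-separated field count, so a URL that merely contains `piplog.php` is not enough to match; only requests shaped like the sample's own format string are flagged. Because the host is wildcarded, the regex will also match beacons to whatever address a repacked build uses, as long as the URL layout is unchanged.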

Targets

    • Target

      013e18fc39024dc40a44a201f2dff243d69c40e6d82638dce874ee563954f74eN.exe

    • Size

      121KB

    • MD5

      95a18b775014577dc42628a37bae4ac7

    • SHA1

      bad59517f9ae27b2eb2379880f1e3de4bff4aa9a

    • SHA256

      8ecdd910d1532c936904a707a37abbbe275a09a86dfb8dc7f49a61dc25a39a79

    • SHA512

      f2b0f8d3b1b1de12e7b5b6473de1a3da7c1654ee6ff12b5d31b3fcf1159e99ed4b386c619ed6e2ca28c7c4feae5b15ef6c8fe27238fe71f7dc120f3a415473fd

    • SSDEEP

      3072:VMZ4hulJBoCBoPker6Rdhd+O7AJnD5tvo:VmGQoPqjd+Oarvo

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks