General

  • Target

    f19deb7dc4186594ac4478a2952e772687087a5f8ddc69996a39a812106c2232.exe

  • Size

    109KB

  • Sample

    241112-plhhcssfnc

  • MD5

    15df56a2eb6f9af82abaf0a493eba0ca

  • SHA1

    fcb9dc030194956e7de08b7bb3812e503f943d31

  • SHA256

    f19deb7dc4186594ac4478a2952e772687087a5f8ddc69996a39a812106c2232

  • SHA512

    2af311245d8eeddd6ec52cd1b3315e578963e9c24add6a9c0ee9f07788c44ee12bb04d889a0967e8c20794aa5b1182225b6e90ad8576e49557e50c91e7ce46f0

  • SSDEEP

    3072:5TmJfNCz62EnqHgMoJ9kLCqwzBu1DjHLMVDqqkSp9:UdnnmoJ9swtu1DjrFqhP

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f19deb7dc4186594ac4478a2952e772687087a5f8ddc69996a39a812106c2232.exe

    • Size

      109KB

    • MD5

      15df56a2eb6f9af82abaf0a493eba0ca

    • SHA1

      fcb9dc030194956e7de08b7bb3812e503f943d31

    • SHA256

      f19deb7dc4186594ac4478a2952e772687087a5f8ddc69996a39a812106c2232

    • SHA512

      2af311245d8eeddd6ec52cd1b3315e578963e9c24add6a9c0ee9f07788c44ee12bb04d889a0967e8c20794aa5b1182225b6e90ad8576e49557e50c91e7ce46f0

    • SSDEEP

      3072:5TmJfNCz62EnqHgMoJ9kLCqwzBu1DjHLMVDqqkSp9:UdnnmoJ9swtu1DjrFqhP

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15