General

  • Target

    d5a92d68c6a561f5d6bd0fccefc0fa8c38fea126d1c1a20c10900795d4dda665N.exe

  • Size

    96KB

  • Sample

    241112-q1aazatflc

  • MD5

    328622b5900fa042a2e44591921e78ba

  • SHA1

    b47d9b4fe25416b6f80ea0c6480468702e66f152

  • SHA256

    b544d1833730895070a8209895ec7db554e912a447b63f80d031dfcc9efde61d

  • SHA512

    21de27459f4aea152ed150cef4821f2d5efe6d893cfc2f6e55c59157413b9d5d45ea53b8bcc831732889c1f01e28b6c934d6e2cb92137d409aee54dd60119b78

  • SSDEEP

    3072:Bdjl9akiC58xy2mjCBBAHMIRMpGd69jc0vR:Hd+w2/IR+Gd6NVR

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d5a92d68c6a561f5d6bd0fccefc0fa8c38fea126d1c1a20c10900795d4dda665N.exe

    • Size

      96KB

    • MD5

      328622b5900fa042a2e44591921e78ba

    • SHA1

      b47d9b4fe25416b6f80ea0c6480468702e66f152

    • SHA256

      b544d1833730895070a8209895ec7db554e912a447b63f80d031dfcc9efde61d

    • SHA512

      21de27459f4aea152ed150cef4821f2d5efe6d893cfc2f6e55c59157413b9d5d45ea53b8bcc831732889c1f01e28b6c934d6e2cb92137d409aee54dd60119b78

    • SSDEEP

      3072:Bdjl9akiC58xy2mjCBBAHMIRMpGd69jc0vR:Hd+w2/IR+Gd6NVR

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks