General

  • Target

    4463c25897014b293142c190d9403795834abf2c7f96a3a8bc024d36b28c62d7.exe

  • Size

    96KB

  • Sample

    241112-q1pewsspa1

  • MD5

    33b6172b23cc0a15a582d8a8dcc94aef

  • SHA1

    b6f4286e3884115884dd26bdc9a8ed8ea996e882

  • SHA256

    4463c25897014b293142c190d9403795834abf2c7f96a3a8bc024d36b28c62d7

  • SHA512

    ee90cf8ac7972ff4cc30a691d9ef5d685abc6d886f7f4d9dd2713aeae210b4d39a0782c14b2f3555ba04c18ba1cc47985d0e22ec3021a93c909e096b07fd29d4

  • SSDEEP

    1536:2ER9nZ0a1k29n1rNBFvHUU9OSPjdCy+GRXXXXXXXXXXXXXXsXXXXXXxHXXXXXXy2:bnSghnFPUU9FBCyL/VskkVwtC7

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      4463c25897014b293142c190d9403795834abf2c7f96a3a8bc024d36b28c62d7.exe

    • Size

      96KB

    • MD5

      33b6172b23cc0a15a582d8a8dcc94aef

    • SHA1

      b6f4286e3884115884dd26bdc9a8ed8ea996e882

    • SHA256

      4463c25897014b293142c190d9403795834abf2c7f96a3a8bc024d36b28c62d7

    • SHA512

      ee90cf8ac7972ff4cc30a691d9ef5d685abc6d886f7f4d9dd2713aeae210b4d39a0782c14b2f3555ba04c18ba1cc47985d0e22ec3021a93c909e096b07fd29d4

    • SSDEEP

      1536:2ER9nZ0a1k29n1rNBFvHUU9OSPjdCy+GRXXXXXXXXXXXXXXsXXXXXXxHXXXXXXy2:bnSghnFPUU9FBCyL/VskkVwtC7

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks