General

  • Target

    58c799483e4e55f0add746468dde7ca13cd3c7c74ced8595307259ddd7f4e58bN.exe

  • Size

    91KB

  • Sample

    241112-q4hrhsspet

  • MD5

    124d14936ff4a2cc065e9ee0d9651497

  • SHA1

    79e34383655f89fb47c875aa14dafea11577d0f3

  • SHA256

    a312d1e66eaf9092f91647f6c1975f15f9111298d62980712c97c0a069c349d6

  • SHA512

    7f2dad1368570d28da2b92dc0b20957e44e25c7a01ece2f9c74dda89a0b1d331d3e87e31a80c3257db540538cc34575aa49ebb4dca3690af6ccbd9a85209ab7a

  • SSDEEP

    1536:e2ZtH/TjtXD3ZjHeBVP1aMVXKYr/viVMi:/HlM15ao/vOMi

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
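The third C2 string is a printf-style template, so a proxy-log hunt has to match the shape of the query (nine colon-separated fields of the stated types and widths) rather than a literal URL. The following is an added example, not part of the sandbox report: it compiles each extracted request string into an anchored regex over path+query and runs it over a few constructed Squid-style log lines. The host "f" in the extracted strings is treated as a placeholder and ignored; the log lines, the client addresses and the field values in them are constructed for the example, and `[^:&\s]+` for a `%s` field is an assumption based on ':' being the separator in the template.

```python
"""Hunt for the Berbew C2 request paths from the extracted config in proxy logs.

Added example, not part of the sandbox report.  Assumptions: the host "f" in
the extracted strings is a placeholder, so matching keys on path+query only;
a %s field never contains the ':' separator used by the template.
"""
import re
from typing import Optional

# C2 request strings exactly as extracted in the report.
C2_PATTERNS = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion specs used in the template: optional '0' flag, optional
# width, conversion character.  A zero-padded width is a minimum output width.
_SPEC = re.compile(r"%(?P<flags>0?)(?P<width>\d*)(?P<conv>[sidu])")

_HOST = re.compile(r"^https?://[^/]+")  # strips scheme + host, keeps /path?query


def format_to_regex(fmt: str) -> re.Pattern:
    """Turn a printf-style C2 URL template into an anchored regex over the
    URL path+query, with one named group (f0, f1, ...) per conversion."""
    path = _HOST.sub("", fmt)
    out, pos, n = [], 0, 0
    for m in _SPEC.finditer(path):
        out.append(re.escape(path[pos:m.start()]))      # literal text between specs
        conv, width = m.group("conv"), m.group("width")
        if conv == "s":
            frag = r"[^:&\s]+"                          # assumption: %s never contains ':'
        elif conv == "u":
            frag = r"\d{%s,}" % (width or "1")          # unsigned, at least `width` digits
        else:
            frag = r"-?\d{%s,}" % (width or "1")        # %i / %d may be negative
        out.append("(?P<f%d>%s)" % (n, frag))
        n += 1
        pos = m.end()
    out.append(re.escape(path[pos:]))
    return re.compile("^" + "".join(out) + "$")


C2_REGEXES = [(fmt, format_to_regex(fmt)) for fmt in C2_PATTERNS]

# Constructed proxy log lines (ts client method url status); not real traffic.
SAMPLE_LOG = """\
1731400001 10.0.0.5 GET http://203.0.113.9/wcmd.htm 200
1731400002 10.0.0.5 GET http://203.0.113.9/piplog.php?COMPUTER-01:1:5:user:000123456:2:14:03:27 200
1731400003 10.0.0.7 GET http://example.org/index.html 200
1731400004 10.0.0.5 POST http://203.0.113.9/ppslog.php 200
1731400005 10.0.0.9 GET http://203.0.113.9/piplog.php?junk 404
"""


def classify_url(url: str) -> Optional[dict]:
    """Return {"template": fmt, "fields": [...]} when the URL's path+query
    matches one of the extracted C2 templates, else None."""
    path = _HOST.sub("", url)
    for fmt, rx in C2_REGEXES:
        m = rx.match(path)
        if m:
            fields = [m.group("f%d" % i) for i in range(len(m.groupdict()))]
            return {"template": fmt, "fields": fields}
    return None


def hunt(log_text: str) -> list:
    """Scan whitespace-separated log lines and return one dict per C2 hit."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue
        ts, client, method, url, status = parts[:5]
        c = classify_url(url)
        if c:
            hits.append({"ts": ts, "client": client, "url": url, **c})
    return hits


if __name__ == "__main__":
    for h in hunt(SAMPLE_LOG):
        print(h)
```

Because the template is compiled rather than hard-coded, the same `format_to_regex` works for any other printf-style C2 string a sandbox extracts; widths such as `%09u` become minimum digit counts, which is what zero-padded output guarantees.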

Targets

    • Target

      58c799483e4e55f0add746468dde7ca13cd3c7c74ced8595307259ddd7f4e58bN.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks