General

  • Target: d27ca77ef404c19e5e3c8fdb64718a3baa299c798c77d9b2bf5c645c297c03cd.exe
  • Size: 128KB
  • Sample: 241112-qzqxbstfjr
  • MD5: dcea2b1a0e13275104faae8290812f16
  • SHA1: 236183b6de81d6e5825ce194eee862b966642ded
  • SHA256: d27ca77ef404c19e5e3c8fdb64718a3baa299c798c77d9b2bf5c645c297c03cd
  • SHA512: 0c54de394e8a7c5d57df6aca28db7bb6f9c8364501ddc46d167abaa248cb6d237f2dd5b933a4a6f9182680ba8dadbf58ec2d969d6a3bf4074a0b2aa4f7581e6a
  • SSDEEP: 3072:WK8gSKJ/xesh07NevuORPriEznYfzB9BSwW0:sexeJelriYOzLco

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm
  • http://f/ppslog.php
  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
