General

  • Target

    43ca2fc8e95a26095dcc796e0cd37364d292085eb2be6559437d459891afbd9eN.exe

  • Size

    512KB

  • Sample

    241112-rjlhcaxmdq

  • MD5

    53aa397b7ad890b9a00cda54299352be

  • SHA1

    6e7aa3fd0ad8da77723f19a58cb3229531e1aff9

  • SHA256

    359c19575930aa709492beef8d3172a9d2457bc0c4db778c1a1c5f252b4a653f

  • SHA512

    1578ed79b7e548410bbccf21896509a39035942b0921f9e777e93a134df250760857060425b978666eaccdf038a178d410c2a3955316690d0be2eeb148c2f2ce

  • SSDEEP

    12288:HtUZBkx52GyXu1jGG1wsGeBgRTGAzciETdqvZNemWrsiLk6mqgSgI:N69GyXsGG1wsLUT3IipK

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      43ca2fc8e95a26095dcc796e0cd37364d292085eb2be6559437d459891afbd9eN.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
