General

  • Target

    21e8c5e9315a521912cb2f55dbee912cdce9762778b0602b0a0a82217915ddcb.exe

  • Size

    92KB

  • Sample

    241112-rkscaaxmfq

  • MD5

    670a5fd400aae9c21f2469fcbb30fbeb

  • SHA1

    f3d3643cf8a08ed1a64105eccc3bded73e544d6e

  • SHA256

    21e8c5e9315a521912cb2f55dbee912cdce9762778b0602b0a0a82217915ddcb

  • SHA512

    c56fb0d0b4be81276b4649d07d46fc54c6f3e677b0547e13c40988129dd540134bf46ca089540a933cbe2f5571de58ecae5aa5f39a108bdf86d94e5208138f78

  • SSDEEP

    1536:wGjxGV8q3ste33JiYJdq8OrqQDURo/4XbKuN3imnunGP+W:XF7q3ue3sjr6Ro/4LKuVbe4+W

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
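
The third template is a C printf format string: the sample fills in host/user identifiers, a nine-digit zero-padded counter and a time stamp before it beacons. A practitioner wants that turned into something that matches in proxy logs. The following is an added example (not code from the report or from the sandbox vendor) that compiles each extracted template into a regex, runs it over constructed proxy log lines, and also checks a file image for the templates as embedded strings. It assumes the host `f` in the extracted templates is a placeholder filled in at runtime and so matches any host; the log lines and byte blob are constructed for the demonstration.

```python
"""Detection helpers for the Berbew C2 URL templates extracted above.

Added example; not code from the sandbox report or from the vendor.
"""
import re

# C2 URL templates exactly as extracted in the report above.
BERBEW_C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion specifiers seen in the templates: %s %i %d %u,
# optionally with a zero flag and a field width (e.g. %09u, %02d).
_SPEC = re.compile(r"%(0?)(\d*)([sdiu])")
_URL = re.compile(r"^(https?://)([^/]+)(/.*)$")


def template_to_regex(template: str, host_pattern: str = r"[^/\s]+") -> re.Pattern:
    """Compile a printf-style URL template into a regex for log matching.

    Assumption: the host "f" in the extracted templates is a placeholder
    filled in at runtime, so it is replaced by host_pattern; any other host
    is matched literally. Query fields are ':'-separated, so %s is matched
    as a run of characters that excludes ':'.
    """
    m = _URL.match(template)
    if m is None:
        raise ValueError(f"not an http(s) URL template: {template!r}")
    scheme, host, rest = m.groups()
    parts = [re.escape(scheme), host_pattern if host == "f" else re.escape(host)]
    pos = 0
    for spec in _SPEC.finditer(rest):
        parts.append(re.escape(rest[pos:spec.start()]))  # literal text before the specifier
        zero, width, conv = spec.groups()
        if conv == "s":
            parts.append(r"[^:\s&]+")
        elif width and zero:
            parts.append(r"\d{%s,}" % width)  # zero padded to at least `width` digits
        elif conv == "u":
            parts.append(r"\d+")
        else:  # %d / %i, optionally signed
            parts.append(r"-?\d+")
        pos = spec.end()
    parts.append(re.escape(rest[pos:]))
    return re.compile("".join(parts))


def _name(template: str) -> str:
    """Short rule name from the URL path: '.../piplog.php?...' -> 'piplog'."""
    return template.rsplit("/", 1)[1].split(".")[0]


PATTERNS = {_name(t): template_to_regex(t) for t in BERBEW_C2_TEMPLATES}


def find_beacons(log_lines, patterns=PATTERNS):
    """Return (line, rule_name) for every log line matching a C2 template."""
    return [(line, name) for line in log_lines
            for name, pat in patterns.items() if pat.search(line)]


def find_templates_in_bytes(data: bytes, templates=BERBEW_C2_TEMPLATES):
    """Static check: which templates occur verbatim in a file image (ASCII or UTF-16LE)."""
    found = {}
    for t in templates:
        for enc in ("ascii", "utf-16-le"):
            idx = data.find(t.encode(enc))
            if idx != -1:
                found[t] = (enc, idx)
                break
    return found


# Constructed Squid-style proxy log lines (not real traffic); the first and
# third are shaped like the GETs the templates above would produce.
SAMPLE_PROXY_LOG = [
    "1731420000.123 45 10.0.0.5 TCP_MISS/200 512 GET "
    "http://203.0.113.10/piplog.php?WIN-ABC:1:2:user:000123456:7:12:11:24 - HIER_DIRECT/203.0.113.10 text/html",
    "1731420001.456 12 10.0.0.7 TCP_MISS/200 1024 GET http://example.test/index.php?a=1 - HIER_DIRECT/198.51.100.9 text/html",
    "1731420002.789 30 10.0.0.5 TCP_MISS/200 64 GET http://203.0.113.10/wcmd.htm - HIER_DIRECT/203.0.113.10 text/html",
]

# Constructed byte blob standing in for a file image that embeds two of the templates.
SAMPLE_BLOB = (b"\x00" * 16 + b"http://f/wcmd.htm\x00" + b"filler-bytes"
               + "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d".encode("ascii") + b"\x00")

if __name__ == "__main__":
    for line, name in find_beacons(SAMPLE_PROXY_LOG):
        print(f"[{name}] {line}")
    print(find_templates_in_bytes(SAMPLE_BLOB))
```

The `%09u` field is compiled to `\d{9,}` rather than `\d+`, so a URL with a short counter does not match; that keeps the rule tight against generic `piplog.php` paths while still accepting counters that overflow nine digits, as printf would print them.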

Targets

    • Target

      21e8c5e9315a521912cb2f55dbee912cdce9762778b0602b0a0a82217915ddcb.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks