General

  • Target

    bfae5ba44ec7db69716e4c126654f85a494b916a9996d82db1efad568ca53786.exe

  • Size

    512KB

  • Sample

    241112-rrs76avbpd

  • MD5

    e1059b0bac270d230cc26e9404d14086

  • SHA1

    42bf548805bb921323aed9ca088d2b57cb716cc5

  • SHA256

    bfae5ba44ec7db69716e4c126654f85a494b916a9996d82db1efad568ca53786

  • SHA512

    3e167a3932c860f5eef9acfdb9e0ef9bbc2453f9af1653a234aec323790c904698087c68fba4bc069bea5e1e23c98d3a2d9625e83c342975d27d60eb893525ae

  • SSDEEP

    12288:/ElzsHmGyXu1jGG1wsGeBgRTGAzciETdqvZNemWrsiLk6mqgSgf:81DGyXsGG1wsLUT3IipZ

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
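The three C2 entries above are printf-style templates rather than literal URLs: the `%s`, `%i`, `%09u` and `%02d` conversions are filled in by the backdoor at runtime, so an exact-string match on the extracted value will never fire on real traffic. The Python below is an added example, not code from the sandbox report or from the malware; it translates each template into an anchored regular expression and runs the result over a few constructed proxy-log lines. The `f` host in the extracted config is treated as a placeholder and ignored (only path and query are matched), and the log format, addresses and field values are invented for the example.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# C2 URL templates exactly as extracted from the sample's configuration.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion specifier: optional flags, optional minimum width, one of s/d/i/u.
_CONV = re.compile(r"%(?P<flags>[-+ 0#]*)(?P<width>\d*)(?P<conv>[sdiu])")


def _path_and_query(url: str) -> str:
    """Return '/path?query' for a URL. The host is ignored because the extracted
    config carries the placeholder host 'f' rather than a real C2 address."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def fmt_to_regex(template: str) -> re.Pattern:
    """Translate a printf-style URL template into an anchored regex.

    %s    -> one or more characters that are not ':' (the template's field
             separator), '&' or whitespace (assumption: string fields never
             contain ':')
    %u    -> unsigned decimal; '%09u' means at least 9 zero-padded digits
    %d/%i -> signed decimal; '%02d' means at least 2 zero-padded digits
    """
    target = _path_and_query(template)
    pieces, pos = [], 0
    for m in _CONV.finditer(target):
        pieces.append(re.escape(target[pos:m.start()]))
        flags, width, conv = m.group("flags"), m.group("width"), m.group("conv")
        # Zero-padding sets a minimum digit count; larger values print more digits.
        min_digits = int(width) if (width and "0" in flags) else 1
        if conv == "s":
            pieces.append(r"[^:&\s]+")
        elif conv == "u":
            pieces.append(r"\d{%d,}" % min_digits)
        else:  # d or i
            pieces.append(r"-?\d{%d,}" % min_digits)
        pos = m.end()
    pieces.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


def compile_templates(templates=C2_TEMPLATES):
    """Pair each template with its compiled regex."""
    return [(t, fmt_to_regex(t)) for t in templates]


def match_request(url: str, compiled) -> Optional[str]:
    """Return the template a requested URL matches, or None."""
    target = _path_and_query(url)
    for template, pattern in compiled:
        if pattern.match(target):
            return template
    return None


# Constructed proxy log lines (timestamp, client, method, URL, status). The
# addresses and beacon field values are made up for this example, not observed traffic.
SAMPLE_PROXY_LOG = """\
2024-11-12T10:01:03Z 10.0.0.21 GET http://203.0.113.10/piplog.php?WS-0042:2600:3:user:000123456:1:10:01:03 200
2024-11-12T10:01:09Z 10.0.0.21 GET http://203.0.113.10/wcmd.htm 200
2024-11-12T10:02:11Z 10.0.0.22 GET http://intranet.example/piplog.php?help 200
2024-11-12T10:03:40Z 10.0.0.23 GET http://www.example.com/index.html 200
"""


def scan_proxy_log(text: str, compiled=None):
    """Return (client, url, matched_template) for every line matching a C2 template."""
    compiled = compiled or compile_templates()
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        template = match_request(url, compiled)
        if template:
            hits.append((client, url, template))
    return hits


if __name__ == "__main__":
    for client, url, template in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url}  (matches {template})")
```

Matching on path and query only is deliberate: the operator can point the same binary at any host, while the `piplog.php` query shape (nine colon-separated fields with a zero-padded nine-digit field in position five) is a much stronger indicator than the host name. The plain `/piplog.php?help` request does not match because the template requires exactly nine fields.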

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
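The four behavioural signatures above are each a simple rule over endpoint telemetry, and the interesting part is the correlation: "Executes dropped EXE" and "Loads dropped DLL" only make sense relative to files the sample's own process tree wrote earlier. The Python below is an added example, not code from the sandbox, that replays Sysmon-style events (ID 1 process create, 7 image load, 11 file create, 13 registry value set, with Sysmon's field names) and reports which of the report's signatures fire. The events, file names, GUIDs and registry value name are constructed placeholders, not artifacts recovered from this sample, and the mapping of "loaded by Explorer.exe on startup" to the ShellServiceObjectDelayLoad key is an assumption of this example; the report itself does not name the key.

```python
# Signature names as they appear in the sandbox report.
SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC = "Executes dropped EXE"
SIG_LOAD = "Loads dropped DLL"
SIG_SYS32 = "Drops file in System32 directory"

SYSTEM32_PREFIX = "c:\\windows\\system32\\"
# Assumption (not stated by the report): the "loaded by Explorer.exe" signature
# keys on ShellServiceObjectDelayLoad, whose entries explorer.exe loads at logon.
SSODL_FRAGMENT = "\\shellserviceobjectdelayload\\"


def _norm(path: str) -> str:
    """Windows paths and registry keys are case-insensitive; compare lowercased."""
    return path.lower()


def evaluate(events, sample_image):
    """Replay Sysmon-style events and return the set of signatures that fire.

    The sample's process tree is followed through event 1 (ParentProcessGuid in
    the tree, or Image equal to a file the tree wrote). Files written by tracked
    processes (event 11) feed the 'dropped' set used by the exec/load checks.
    Events from untracked processes are ignored so unrelated System32 writes or
    DLL loads never count against the sample.
    """
    sample_image = _norm(sample_image)
    tracked, dropped, hits = set(), set(), set()
    for ev in events:
        eid = ev["EventID"]
        if eid == 1:
            image = _norm(ev["Image"])
            if image == sample_image or ev.get("ParentProcessGuid") in tracked:
                tracked.add(ev["ProcessGuid"])
            if image in dropped:
                hits.add(SIG_EXEC)
                tracked.add(ev["ProcessGuid"])  # follow the dropped binary too
            continue
        if ev.get("ProcessGuid") not in tracked:
            continue
        if eid == 11:
            target = _norm(ev["TargetFilename"])
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                hits.add(SIG_SYS32)
        elif eid == 7 and _norm(ev["ImageLoaded"]) in dropped:
            hits.add(SIG_LOAD)
        elif eid == 13 and SSODL_FRAGMENT in _norm(ev["TargetObject"]):
            hits.add(SIG_AUTORUN)
    return hits


SAMPLE_IMAGE = ("C:\\Users\\user\\Desktop\\"
                "bfae5ba44ec7db69716e4c126654f85a494b916a9996d82db1efad568ca53786.exe")

# Constructed Sysmon-style events. GUIDs, dropped file names and the registry
# value name are placeholders for the example, not observed artifacts.
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessGuid": "{P1}", "ParentProcessGuid": "{P0}", "Image": SAMPLE_IMAGE},
    {"EventID": 11, "ProcessGuid": "{P1}",
     "TargetFilename": "C:\\Windows\\System32\\dropped_example.exe"},
    {"EventID": 11, "ProcessGuid": "{P1}",
     "TargetFilename": "C:\\Windows\\System32\\dropped_example.dll"},
    {"EventID": 13, "ProcessGuid": "{P1}",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\"
                     "ShellServiceObjectDelayLoad\\ExampleValue"},
    {"EventID": 1, "ProcessGuid": "{P2}", "ParentProcessGuid": "{P1}",
     "Image": "C:\\Windows\\System32\\dropped_example.exe"},
    {"EventID": 7, "ProcessGuid": "{P2}",
     "ImageLoaded": "C:\\Windows\\System32\\dropped_example.dll"},
    # Unrelated process writing to System32: must not trigger anything.
    {"EventID": 11, "ProcessGuid": "{P9}",
     "TargetFilename": "C:\\Windows\\System32\\unrelated.log"},
]


if __name__ == "__main__":
    for sig in sorted(evaluate(SAMPLE_EVENTS, SAMPLE_IMAGE)):
        print("fired:", sig)
```

The process-tree scoping is what keeps the "Drops file in System32 directory" rule from firing on every Windows Update run on the host: a write to System32 is only scored when the writer descends from the sample, and a dropped binary is only scored as "executed" or "loaded" when the path it was written to matches the path later created or loaded.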

MITRE ATT&CK Enterprise v15

Tasks