General

  • Target

    d16b33160a8d33033a9a5bc37a0db823b00badd4c468a905b4303eb58efbee87.exe

  • Size

    93KB

  • Sample

    241112-rvg93avclb

  • MD5

    80ce80bedce41ab247a02ae8bba39252

  • SHA1

    db3a5dbb8da37db1d5d411bc1c95d687bbe1dc8b

  • SHA256

    d16b33160a8d33033a9a5bc37a0db823b00badd4c468a905b4303eb58efbee87

  • SHA512

    cbf1111a83830c429b6eb7f5b45894d0c882adeb8039fbe3b012579bc841654f3786096ae4c5784f62d0cbe70e818c255537e193427b844215842371d4600745

  • SSDEEP

    1536:XWnTEXfR2fU4hW2vRZw+AtOj/gxuENu5ucsaMiwihtIbbpkz:mgXfR2VWPcYBNu5vdMiwaIbbpkz

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
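The three C2 entries above are printf-style templates rather than literal URLs: the `%s`, `%i`, `%09u` and `%02d` conversions are filled in at runtime, and `f` in the host position is not a resolvable name, so a hunt keyed on the host would miss the traffic. The Python below is an added example, not part of the report or of the Berbew sample itself: it turns each template into a regular expression anchored on the path and query, captures whatever host the beacon actually used, and runs the patterns over constructed proxy log lines. The Squid-style log format, the 203.0.113.7 server and every field value are made up for the example, and it assumes that `%s` fields never contain the `:` separator.

```python
import re
from typing import Dict, List, Tuple

# C2 URL templates as extracted from the sample (taken from the report above).
BERBEW_C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversion specifier: flags, minimum width, conversion letter.
_SPEC_RE = re.compile(r"%(?P<flags>[-+ 0#]*)(?P<width>\d*)(?P<conv>[sidu])")


def spec_to_regex(m: "re.Match[str]") -> str:
    """Regex fragment for one conversion. Assumption: %s fields never contain
    ':' (the template's own separator); %i/%d may be negative, %u may not."""
    conv, width = m.group("conv"), m.group("width")
    if conv == "s":
        return "[^:]*"
    digits = r"\d{%d,}" % int(width) if width else r"\d+"   # %09u -> at least 9 digits
    return digits if conv == "u" else "-?" + digits


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Compile a template into a regex over the path and query only.

    The host in the extracted config is the literal 'f', which is not a real
    name; the actual server is filled in at runtime, so the host is captured
    as a free group and the match is anchored on the path.
    """
    path = template.split("://", 1)[1].split("/", 1)[1]   # e.g. 'piplog.php?%s:...'
    parts, pos = [], 0
    for m in _SPEC_RE.finditer(path):
        parts.append(re.escape(path[pos:m.start()]))
        parts.append("(" + spec_to_regex(m) + ")")
        pos = m.end()
    parts.append(re.escape(path[pos:]))
    return re.compile(r"https?://(?P<host>[^/\s]+)/" + "".join(parts) + r"(?=\s|$)")


def find_berbew_beacons(log_lines: List[str]) -> List[Dict]:
    """Return one hit per log line that matches a C2 template, with the
    runtime host and the values that filled the template's conversions."""
    compiled: List[Tuple[str, "re.Pattern[str]"]] = [
        (t, template_to_regex(t)) for t in BERBEW_C2_TEMPLATES
    ]
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for template, pattern in compiled:
            m = pattern.search(line)
            if m:
                hits.append({
                    "line": lineno,
                    "template": template,
                    "host": m.group("host"),
                    "fields": list(m.groups()[1:]),   # group 1 is the host
                })
    return hits


# Constructed Squid-style access log lines; the host 203.0.113.7 (a documentation
# address) and all field values are made up for this example.
SAMPLE_PROXY_LOG = [
    "1731400001.120 10.0.0.15 TCP_MISS/200 GET http://203.0.113.7/wcmd.htm - DIRECT/203.0.113.7 text/html",
    "1731400061.455 10.0.0.15 TCP_MISS/200 GET http://203.0.113.7/piplog.php?WIN-7KQ1:1:0:alice:000012345:2:09:41:07 - DIRECT/203.0.113.7 text/html",
    "1731400062.001 10.0.0.22 TCP_MISS/200 GET http://cdn.example.net/piplog.php?notberbew - DIRECT/198.51.100.3 text/html",
    "1731400070.300 10.0.0.15 TCP_MISS/200 GET http://203.0.113.7/ppslog.php - DIRECT/203.0.113.7 text/html",
]

if __name__ == "__main__":
    for hit in find_berbew_beacons(SAMPLE_PROXY_LOG):
        print(hit)
```

The width of `%09u` becomes a minimum of nine digits and `%02d` a minimum of two, so a query with the right separators but short fields is rejected rather than reported as a beacon; the unrelated `piplog.php?notberbew` request in the sample log is dropped for the same reason.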

Targets

    • Target

      d16b33160a8d33033a9a5bc37a0db823b00badd4c468a905b4303eb58efbee87.exe

    • Size

      93KB

    • MD5

      80ce80bedce41ab247a02ae8bba39252

    • SHA1

      db3a5dbb8da37db1d5d411bc1c95d687bbe1dc8b

    • SHA256

      d16b33160a8d33033a9a5bc37a0db823b00badd4c468a905b4303eb58efbee87

    • SHA512

      cbf1111a83830c429b6eb7f5b45894d0c882adeb8039fbe3b012579bc841654f3786096ae4c5784f62d0cbe70e818c255537e193427b844215842371d4600745

    • SSDEEP

      1536:XWnTEXfR2fU4hW2vRZw+AtOj/gxuENu5ucsaMiwihtIbbpkz:mgXfR2VWPcYBNu5vdMiwaIbbpkz

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
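To check host telemetry for the four behaviours listed above, the added example below (not part of the report or of any sandbox's own detection logic) replays a constructed sequence of Sysmon-style events and attributes each to one of the report's signatures. It follows the drop-then-execute chain, so a file written by a dropped EXE that the sample launched still counts as dropped. The event schema, the sample's path, the `dropped1.exe` and `dropped1.dll` names, and the choice of the `Run` and `ShellServiceObjectDelayLoad` keys as the Explorer-loaded autorun locations are all assumptions made for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class Event:
    """One Sysmon-style host event (constructed schema, not Sysmon's own XML)."""
    kind: str      # "file_create" | "process_create" | "image_load" | "reg_set"
    process: str   # image path of the process performing the action
    target: str    # file created / image started / DLL loaded / registry value written


# Signature names exactly as the report lists them.
SIG_AUTORUN = "Adds autorun key to be loaded by Explorer.exe on startup"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_SYSTEM32 = "Drops file in System32 directory"

# Registry locations that Explorer.exe processes at logon. Assumption: the
# report's autorun signature refers to a value under one of these.
EXPLORER_AUTORUN_PREFIXES = (
    "hklm\\software\\microsoft\\windows\\currentversion\\run\\",
    "hkcu\\software\\microsoft\\windows\\currentversion\\run\\",
    "hklm\\software\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload\\",
)
SYSTEM32_PREFIX = "c:\\windows\\system32\\"


def evaluate_signatures(events: List[Event], sample_path: str) -> Dict[str, List[Event]]:
    """Replay events in chronological order and attribute them to signatures.

    'Dropped' means written by the sample or by any dropped EXE the chain has
    since executed; events from unrelated processes are ignored.
    """
    actors: Set[str] = {sample_path.lower()}
    dropped: Set[str] = set()
    hits: Dict[str, List[Event]] = {}

    def record(sig: str, ev: Event) -> None:
        hits.setdefault(sig, []).append(ev)

    for ev in events:
        proc, target = ev.process.lower(), ev.target.lower()
        if proc not in actors:
            continue
        if ev.kind == "file_create":
            dropped.add(target)
            if target.startswith(SYSTEM32_PREFIX):
                record(SIG_SYSTEM32, ev)
        elif ev.kind == "process_create" and target in dropped:
            record(SIG_EXEC_DROPPED, ev)
            actors.add(target)           # the dropped EXE now acts on the sample's behalf
        elif ev.kind == "image_load" and target in dropped and target.endswith(".dll"):
            record(SIG_LOAD_DROPPED, ev)
        elif ev.kind == "reg_set" and target.startswith(EXPLORER_AUTORUN_PREFIXES):
            record(SIG_AUTORUN, ev)
    return hits


# Constructed event sequence; the sample path and dropped file names are placeholders.
SAMPLE_PATH = ("C:\\Users\\analyst\\Desktop\\"
               "d16b33160a8d33033a9a5bc37a0db823b00badd4c468a905b4303eb58efbee87.exe")
DROPPED_EXE = "C:\\Windows\\System32\\dropped1.exe"
DROPPED_DLL = "C:\\Windows\\System32\\dropped1.dll"
SAMPLE_EVENTS = [
    Event("file_create", SAMPLE_PATH, DROPPED_EXE),
    Event("process_create", SAMPLE_PATH, DROPPED_EXE),
    Event("file_create", DROPPED_EXE, DROPPED_DLL),
    Event("image_load", DROPPED_EXE, DROPPED_DLL),
    Event("reg_set", DROPPED_EXE,
          "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped1"),
    Event("image_load", "C:\\Windows\\explorer.exe", "C:\\Windows\\System32\\shell32.dll"),  # benign noise
]

if __name__ == "__main__":
    for sig, evs in evaluate_signatures(SAMPLE_EVENTS, SAMPLE_PATH).items():
        print(f"{sig}: {len(evs)} event(s)")
```

Without the first `file_create` the rest of the chain is never attributed to the sample: the `process_create` of `dropped1.exe` no longer refers to a known dropped file, so that process is never promoted to an actor and its own drop, DLL load and registry write are all ignored. That is the behaviour a practitioner wants from such a correlation, since it ties each signature to the sample rather than to whatever else happened on the host.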

MITRE ATT&CK Enterprise v15

Tasks