General

  • Target

    eeae1b67eeda3c509ea50fcece96684f4c5069e349f04aa93d21f107cbc19e96.exe

  • Size

    89KB

  • Sample

    241113-j1snzs1nbl

  • MD5

    9c19f6f672d53ea02851e4356e498134

  • SHA1

    cb23a3493cfc7f13cec651e0bcfedc9df6783b13

  • SHA256

    eeae1b67eeda3c509ea50fcece96684f4c5069e349f04aa93d21f107cbc19e96

  • SHA512

    10fcbdfa9adca52ff554d330219ba04faa8afe79ec4725838069c98c6f8f575bdf09096db68ed7a8a751b3f2b90254d694ef33d84b591b82fdf8ae2f6e2db850

  • SSDEEP

    1536:lpH4/4DoI3zXcAp7cf7d8wKMdDpRiJxyEa5zmYowBSce9JRcV5lExkg8F8:L4/4DF3zXTp7Ed8wKMdDpRic5zmYIck9

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
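The three C2 paths above are the useful detection material in this config: the host part ("f") reads as a placeholder or truncated value, and the piplog.php query string is a printf-style template whose fields are filled in at beacon time. The script below is an added example, not code from the report or from the Berbew sample, showing how to turn those templates into a proxy-log detection. It assumes the host is not reliable (so only path and query are matched), that the %s fields never contain ':' (the separator), and uses constructed log lines in a simple "timestamp client method url status" layout.

```python
"""Convert the Berbew C2 URL templates from the extracted config into proxy-log detections."""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# C2 paths copied from the extracted config above. The host in the config ("f")
# is treated as a placeholder (assumption), so only path+query is matched.
C2_PATH_TEMPLATES = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversions present in the templates: optional width, then s/i/d/u
_FMT = re.compile(r"%(\d+)?([sidu])")


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Compile a printf-style path template into an anchored regex.

    %s    -> one or more characters that are not a field separator
             (assumption: the string fields do not themselves contain ':')
    %i/%d -> optionally signed integer; %u -> unsigned integer
    A width such as %09u or %02d means zero-padding, so at least that many digits.
    """
    parts: List[str] = []
    pos = 0
    for m in _FMT.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width, conv = m.group(1), m.group(2)
        digits = rf"\d{{{int(width)},}}" if width else r"\d+"
        if conv == "s":
            parts.append(r"[^:/?&\s]+")
        elif conv == "u":
            parts.append(digits)
        else:
            parts.append("-?" + digits)
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


C2_PATTERNS = [(t, template_to_regex(t)) for t in C2_PATH_TEMPLATES]


def path_and_query(url: str) -> str:
    """Return the path plus query string of a URL, dropping scheme and host."""
    u = urlsplit(url)
    return u.path + ("?" + u.query if u.query else "")


def match_c2(url: str) -> Optional[str]:
    """Return the C2 template a URL matches, or None."""
    target = path_and_query(url)
    for template, rx in C2_PATTERNS:
        if rx.match(target):
            return template
    return None


# Constructed proxy log lines (not from the report): timestamp, client, method, url, status.
# 198.51.100.7 is a TEST-NET-2 documentation address standing in for the real host.
SAMPLE_LOG = [
    "2024-11-13T10:02:17Z 10.0.0.5 GET http://198.51.100.7/wcmd.htm 200",
    "2024-11-13T10:02:18Z 10.0.0.5 GET http://198.51.100.7/index.html 200",
    "2024-11-13T10:02:19Z 10.0.0.5 GET http://198.51.100.7/piplog.php?WKSTN01:1:0:bot:000012345:2:11:13:10 200",
    "2024-11-13T10:02:20Z 10.0.0.9 GET http://198.51.100.7/piplog.php?WKSTN01:1:0 404",
]


def scan_proxy_log(lines) -> List[Tuple[str, str, str]]:
    """Return (client, url, template) for every line whose URL matches a C2 template."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        template = match_c2(url)
        if template is not None:
            hits.append((client, url, template))
    return hits


if __name__ == "__main__":
    for client, url, template in scan_proxy_log(SAMPLE_LOG):
        print(f"{client} -> {url}  (matches {template})")
```

Matching on the full anchored template rather than on "piplog.php" alone keeps the rule from firing on unrelated pages with the same file name; the fourth sample line, a piplog.php request with too few fields, is deliberately left unmatched to show that. If the real deployment fills the host in at runtime, the host seen in traffic becomes an additional indicator to pivot on, but it should not be a precondition for the match.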

Targets

    • Target

      eeae1b67eeda3c509ea50fcece96684f4c5069e349f04aa93d21f107cbc19e96.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
