General

  • Target

    347083b72964cf008e345828156842e8747a45f30792c10c526b5812aa4fe8fb.exe

  • Size

    384KB

  • Sample

    241113-jvvama1mcm

  • MD5

    5512ec1da06d282b8c1bb2dcf91c13aa

  • SHA1

    6242028956b0469f939429a528200b65491114f5

  • SHA256

    347083b72964cf008e345828156842e8747a45f30792c10c526b5812aa4fe8fb

  • SHA512

    710285c79556dbbf714ff50733cbfeb0553bf22ce13d28088d40c7277da137699ee912d9f7e76c29f6ff3bcc2aa442c472838fce4a6f75270b4b6a0dc6a5439f

  • SSDEEP

    6144:IiGNQUJ9iwtu1DjrFqh/QO+zrWnAdqjsqwHlGrh/e:IFNQ+tuFjAh//+zrWAIAqWr

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
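The third C2 entry is a printf-style beacon template rather than a finished URL, so it cannot be used as a literal indicator. The block below is an added example (not code from the report or from any sandbox vendor) that turns the three extracted templates into anchored regexes over the URL path and query, then runs them across constructed proxy log lines. The host `f` in the extracted strings is treated as a placeholder resolved at runtime, which is an assumption; the log format, client and server addresses and the beacon field values are all constructed here.

```python
"""Convert the Berbew C2 URL templates extracted above into detection regexes
and run them over proxy log lines.

Added example, not part of the report. Only the three template strings come
from the extracted config; the log format, hosts, addresses and field values
are constructed for illustration.
"""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# C2 URL templates as extracted from the sample (see "Malware Config" above).
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion specifier: flags, optional width, optional precision, conversion.
_SPEC = re.compile(r"%%|%(?P<flags>[-+ 0#]*)(?P<width>\d+)?(?:\.\d+)?(?P<conv>[sdiuxXc])")

# Constructed proxy log line shape: "<timestamp> <client> <method> <url>".
_LOG_LINE = re.compile(r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+)$")


def _spec_to_regex(m: re.Match) -> str:
    """Map one printf specifier to a regex fragment for the value it would print."""
    if m.group(0) == "%%":
        return re.escape("%")
    conv, flags, width = m.group("conv"), m.group("flags"), m.group("width")
    # A zero-padded width ("%09u", "%02d") guarantees at least that many digits;
    # larger values print more digits, so the width is a lower bound, not exact.
    min_digits = int(width) if (width and "0" in flags) else 1
    if conv == "s":
        return r".*?"  # arbitrary string; the literal delimiters around it bound the match
    if conv in "di":
        return rf"-?\d{{{min_digits},}}"  # signed decimal
    if conv == "u":
        return rf"\d{{{min_digits},}}"  # unsigned decimal
    if conv in "xX":
        return rf"[0-9a-fA-F]{{{min_digits},}}"
    return r"."  # %c


def _path_query(url: str) -> str:
    """Return the path plus query of a URL; the host is deliberately ignored
    because the extracted host 'f' looks like a runtime placeholder (assumption)."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def template_to_regex(template: str) -> re.Pattern:
    """Compile the path+query of a C2 template into an anchored regex, escaping
    every literal byte and expanding each printf specifier."""
    target = _path_query(template)
    pieces, pos = [], 0
    for m in _SPEC.finditer(target):
        pieces.append(re.escape(target[pos:m.start()]))
        pieces.append(_spec_to_regex(m))
        pos = m.end()
    pieces.append(re.escape(target[pos:]))
    return re.compile("^" + "".join(pieces) + "$")


C2_PATTERNS = {t: template_to_regex(t) for t in C2_TEMPLATES}

# Constructed log: two genuine beacons from one client, one command poll, one
# unrelated request, and one near-miss whose counter field is too short for %09u.
SAMPLE_LOG = """\
2024-11-13T09:41:02Z 10.0.0.23 GET http://198.51.100.7/piplog.php?WIN-PC01:1:0:admin:000012345:3:13:09:41
2024-11-13T09:41:05Z 10.0.0.23 GET http://198.51.100.7/wcmd.htm
2024-11-13T09:41:09Z 10.0.0.41 GET http://203.0.113.5/index.php?page=1
2024-11-13T09:42:11Z 10.0.0.23 POST http://198.51.100.7/ppslog.php
2024-11-13T09:43:00Z 10.0.0.58 GET http://198.51.100.9/piplog.php?host:x:0:user:0000000:1:13:09:43
"""


def find_beacons(log_text: str) -> list[tuple[str, str, str]]:
    """Return (client, url, matched_template) for each log line whose URL
    path+query matches one of the extracted C2 templates."""
    hits = []
    for raw in log_text.splitlines():
        m = _LOG_LINE.match(raw)
        if not m:
            continue  # line not in the expected shape; skip rather than guess
        target = _path_query(m.group("url"))
        for template, pattern in C2_PATTERNS.items():
            if pattern.match(target):
                hits.append((m.group("client"), m.group("url"), template))
                break
    return hits


if __name__ == "__main__":
    for client, url, template in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {url}  [{template}]")
```

Matching on path and query rather than on the whole URL keeps the rule valid if the operator rotates hosts; the fixed-width fields (`%09u`, `%02d`) are the most distinctive part of the beacon and are what separates the last log line, which has a seven-digit counter, from a real check-in.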

Targets

    • Target

      347083b72964cf008e345828156842e8747a45f30792c10c526b5812aa4fe8fb.exe

    • Size

      384KB

    • MD5

      5512ec1da06d282b8c1bb2dcf91c13aa

    • SHA1

      6242028956b0469f939429a528200b65491114f5

    • SHA256

      347083b72964cf008e345828156842e8747a45f30792c10c526b5812aa4fe8fb

    • SHA512

      710285c79556dbbf714ff50733cbfeb0553bf22ce13d28088d40c7277da137699ee912d9f7e76c29f6ff3bcc2aa442c472838fce4a6f75270b4b6a0dc6a5439f

    • SSDEEP

      6144:IiGNQUJ9iwtu1DjrFqh/QO+zrWnAdqjsqwHlGrh/e:IFNQ+tuFjAh//+zrWAIAqWr

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks