General

  • Target

    90055bac0038f2f6cc47d79eafd38940c85f131690b1a7a0cd0aac70d2a22e4e.exe

  • Size

    100KB

  • Sample

    241113-vhp1xsyqck

  • MD5

    cd2ec20e3c003d818a244ce91001198a

  • SHA1

    af5aba8bf5f177be3642d4eeb52caf94083f60b7

  • SHA256

    90055bac0038f2f6cc47d79eafd38940c85f131690b1a7a0cd0aac70d2a22e4e

  • SHA512

    27c6f1e0a02a060f9222c3cc5b7daa1c157f74a599fb2800001c88a0d2a2154274f12c33776cb98e979b7e565e42c8b9894d717e4186a5252ac687836c09463e

  • SSDEEP

    1536:x8PH4IQ0DUGFzivItRMldflXNkigoFgblQQa3+om13XRzx:qgwUGKI49mnCgb3a3+X13XRzx

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

The third entry is a printf-style template rather than a literal URL: the %s, %i, %u and %d conversions are filled in by the implant at runtime, so the query string of a live beacon varies from host to host while the /piplog.php path and the colon separators stay constant. The host component is reproduced exactly as extracted ("f"); pivot and detect on the paths, not on that host.
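The paths above are the stable part of the beacon, so a practical detection compiles each extracted template into an anchored pattern and runs it over web-proxy logs. The Python below is an added example, not part of the sandbox report and not code from the Berbew sample: it converts the printf conversions (%s, %i, %09u, %02d) into regex fragments, matches on path plus query only because the extracted host is just "f", and assumes %s fields never contain the ':' separator. The proxy-log lines, client addresses and the 203.0.113.10 server are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# C2 path templates as listed in the report's extracted config (host dropped;
# the "f" host is taken as extracted and not relied on for matching).
BERBEW_C2_TEMPLATES = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion -> regex fragment. Assumption: %s fields never contain
# ':' because ':' is the template's own field separator.
_CONV = {"s": r"[^:\s]*", "i": r"-?\d+", "d": r"-?\d+", "u": r"\d+"}
_SPEC = re.compile(r"%(\d*)([sidu])")


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Compile a printf-style path template into an anchored regex.

    A width such as %09u or %02d means zero-padded minimum width, so the
    field is modelled as "at least that many digits" (a padded negative
    value such as "-5" for %02d is not modelled).
    """
    parts, pos = [], 0
    for m in _SPEC.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        width, conv = m.groups()
        if width and conv in "idu":
            sign = "" if conv == "u" else "-?"
            parts.append(r"%s\d{%d,}" % (sign, int(width)))
        else:
            parts.append(_CONV[conv])
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


COMPILED = [(t, template_to_regex(t)) for t in BERBEW_C2_TEMPLATES]
_URL = re.compile(r"https?://[^\s\"']+")


def path_and_query(url: str) -> str:
    """Return path plus query, the only part of the URL the template governs."""
    u = urlsplit(url)
    return u.path + ("?" + u.query if u.query else "")


def match_template(url: str):
    """Return the template the URL's path+query fits, or None."""
    pq = path_and_query(url)
    for template, rx in COMPILED:
        if rx.match(pq):
            return template
    return None


def scan_log(lines):
    """Return [(line_no, url, template)] for every URL fitting a C2 template."""
    hits = []
    for n, line in enumerate(lines, 1):
        for url in _URL.findall(line):
            t = match_template(url)
            if t is not None:
                hits.append((n, url, t))
    return hits


# Constructed proxy-log lines for illustration (not taken from the report).
SAMPLE_LOG = [
    "1731491042.113 10.0.0.17 GET http://203.0.113.10/piplog.php?WIN-7Y3K2:1:0:10.0.0.17:000004521:3:14:03:22 200",
    "1731491043.908 10.0.0.17 GET http://203.0.113.10/wcmd.htm 200",
    "1731491050.002 10.0.0.21 GET http://example.com/index.html 200",
    "1731491061.500 10.0.0.21 GET http://example.com/piplog.php?foo=bar 404",
    "1731491062.000 10.0.0.17 GET http://203.0.113.10/ppslog.php 200",
]

if __name__ == "__main__":
    for n, url, t in scan_log(SAMPLE_LOG):
        print(f"line {n}: {url} matches template {t}")
```

On the constructed log the first, second and fifth lines are reported; the fourth line hits /piplog.php but its query has none of the colon-separated fields, so it is correctly ignored. Anchoring on "^...$" is what keeps /wcmd.htm from matching every page that merely ends in that name.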

Targets

    • Target

      90055bac0038f2f6cc47d79eafd38940c85f131690b1a7a0cd0aac70d2a22e4e.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks