General

  • Target: 394ee7e475b0a65b8211180ea66a2cd685b696282c92e6619afbeb2b5982018e.exe
  • Size: 576KB
  • Sample: 241113-vz39wawfpl
  • MD5: 02e995de3d2a161a4a5dd62a2d28a176
  • SHA1: 1ac517c3793fa2d7fff979593271c65e5ea15bb4
  • SHA256: 394ee7e475b0a65b8211180ea66a2cd685b696282c92e6619afbeb2b5982018e
  • SHA512: f3e08b225859348ec5e6117a3d4a5446bbe685f0a78fd158fe10788c93287dc22193fa06823299a7d9df56df84c489057eed25965697ac6c46ec209b52444762
  • SSDEEP: 12288:u7fQ5AIyRtHBFLPj3btStuv40arYciakobDlsa2VIGqPWYvyAN3p8Wgx+gWVBmLD:AaXyRtHBFLPj3btStuv40arYciakobDO

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 394ee7e475b0a65b8211180ea66a2cd685b696282c92e6619afbeb2b5982018e.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks