General

  • Target: f6be04332a7102436d762d68e8d4c7370761006d4c0593008381843b0f1b5920.exe

  • Size: 192KB

  • Sample: 241113-xpnsjsxenh

  • MD5: 7fffc89704c38dba1a4cc403cd625843

  • SHA1: d5fc35eeec1aa34c5629805b2904ab637c6f07f2

  • SHA256: f6be04332a7102436d762d68e8d4c7370761006d4c0593008381843b0f1b5920

  • SHA512: d5ccf0c79019ae138057150a26000d8ebf643b2b4459083a525321e4addc10d47a31453e0b1e6391d133e9a0d340aac95dc1b78062e735a59dbf3da7cea49d26

  • SSDEEP: 6144:fCwT6wT1dqw3v6roHbD5W3glbGFIasUDsIjosK:fCcqY8aH5W3ybwwUbK

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm

  • http://f/ppslog.php

  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks