General

  • Target: c8f711c0d6d5f88a17f2c12496694ec952e94aca09400ef384eb5e427abe8c8d.exe

  • Size: 97KB

  • Sample: 241203-v3gv2s1mdl

  • MD5: 4babfbe793b24c8ffab5e26ff548a336

  • SHA1: 16e59fa3447c50981dbea2c684fa23e3530995ec

  • SHA256: c8f711c0d6d5f88a17f2c12496694ec952e94aca09400ef384eb5e427abe8c8d

  • SHA512: 891ba2b2cf24b9762967795d183f05557aaa5e3f1544cb700c84a1419228f85fedcfb8f7b589c321f17896c911206f95d3ef35bcd55116a2aa29296b0fc342db

  • SSDEEP: 1536:7OxKZ/o4Vya2okdYdlfp2JfT0WdHuTqms4aFCfvJXeYZK:bZ/j1cdolB27OTrSCXJXeKK

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory