General

  • Target

    ec9f28ac71e73bd65e42d0c73bd6bb4e55e4839ffcc3294c9dd3ee9b0d7a4cc7N.exe

  • Size

    144KB

  • Sample

    241222-rfn43a1mcj

  • MD5

    b9b8888f986f41d607869b9b07aea860

  • SHA1

    a7a851d035521790a30c65945a1bfaa9c371f42e

  • SHA256

    ec9f28ac71e73bd65e42d0c73bd6bb4e55e4839ffcc3294c9dd3ee9b0d7a4cc7

  • SHA512

    0a1f3e216c6bae38e058914400cde648f28f2e3adc983d5dc8cad29c863852a35fb383c41cfb4c82e9786285cea7c1b16c31d6842196e49bcc4091630a257d79

  • SSDEEP

    3072:kdEEoPT0gs1CcQJsnCcYzGYJpD9r8XxrYnQg4sI+:LZ27qLcCGyZ6Yu+

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ec9f28ac71e73bd65e42d0c73bd6bb4e55e4839ffcc3294c9dd3ee9b0d7a4cc7N.exe

    • Size

      144KB

    • MD5

      b9b8888f986f41d607869b9b07aea860

    • SHA1

      a7a851d035521790a30c65945a1bfaa9c371f42e

    • SHA256

      ec9f28ac71e73bd65e42d0c73bd6bb4e55e4839ffcc3294c9dd3ee9b0d7a4cc7

    • SHA512

      0a1f3e216c6bae38e058914400cde648f28f2e3adc983d5dc8cad29c863852a35fb383c41cfb4c82e9786285cea7c1b16c31d6842196e49bcc4091630a257d79

    • SSDEEP

      3072:kdEEoPT0gs1CcQJsnCcYzGYJpD9r8XxrYnQg4sI+:LZ27qLcCGyZ6Yu+

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.