General

  • Target: JaffaCakes118_1aab7ce20644134a9a7ef433b7c5a8fc88c45bffeecc211d5b69d4c31d8d5770
  • Size: 85KB
  • Sample: 241224-dxv22s1lgq
  • MD5: e5a355d870c8e99046c07e1fa0e4cf89
  • SHA1: e99ca2ff77efa2dde9648684094325617a250fc0
  • SHA256: 1aab7ce20644134a9a7ef433b7c5a8fc88c45bffeecc211d5b69d4c31d8d5770
  • SHA512: dff18452488b80db1c2d851b1945bcfaf25776b2955a42440d4a4fde21895daa7bcfc1b2ba2bbf0f75ff15af6eb3af904bfcb87e2f07f5162e26539d48c01f74
  • SSDEEP: 1536:EEqZ/yGR0bAIttILa1CriUOD9gPv51rm/86+pIa5dNMsu1fB0WqzCTL/1m:RcyGR0bAIjUa1C+9gZ1i/2dPuxBgzCTs

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: sample
    • Size: 145KB
    • MD5: 2950815e0cd87d8440b86f64088702fe
    • SHA1: 6ddebf9dc60ed377c4b503284f12b2ee4bf706af
    • SHA256: f371f603ca16b96db5102770f19fbecaa77c0c4bc46b7c498c64109a2e050060
    • SHA512: a2cca02afd6eb51429192595807301f5307ea6ebcd358faba371de9d9d676a469249f75e9980a066bd87161933384e3de47eb2036c8e99c678def72b89406d42
    • SSDEEP: 3072:o3UMhzpwUBIbCeowKLXQSlaW8oxOyuAua:oEsz6UBIbCeowYXQSIsHuAua

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15