General

  • Target

    4fb0aa9da86d3a4f62e28c0e6d379706cd5b6151c585b5849a29ea0503dc9599.exe

  • Size

    3.7MB

  • Sample

    240522-2pqz5abh2t

  • MD5

    14a159127d8b138f460c445803712370

  • SHA1

    7e6c02b2f8ea2a707a312493e9e43faf66b874f4

  • SHA256

    4fb0aa9da86d3a4f62e28c0e6d379706cd5b6151c585b5849a29ea0503dc9599

  • SHA512

    f7a6c888702eea39897dc1da483b5d09ae572690073e9f89e59a9382266ed00f4c654eebccc37cc2ae9de4b800937c067c818c7e5b75bbc0b14244e9ad2cfc08

  • SSDEEP

    98304:D6r6HaSHFaZRBEYyqmS2DiHPKQgmZ0aUgUjvha/4wzlF65T:raSHFaZRBEYyqmS2DiHPKQgwUgUjvhoU

Malware Config

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup

    • Malware Dropper & Backdoor - Berbew

      Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks