General

  • Target

    623e2b69b6b8915bd470753e17e4e73da5f0b352f9528abd921e0aaf59570459.exe

  • Size

    128KB

  • Sample

    240523-atk6wsfa22

  • MD5

    25b7a570699f3545eaa1a00b34d6c4b0

  • SHA1

    425770904f8c0123b65ce15c11fccfb3f6a0435f

  • SHA256

    623e2b69b6b8915bd470753e17e4e73da5f0b352f9528abd921e0aaf59570459

  • SHA512

    65966b54335cc75f09a1aacc8bbeb78b677a29656698ce340833cdaa98961df0b53487c77a6d3b09b3cff4f313be27ac1b4fd82ecb8b14d11bc156b0d070719f

  • SSDEEP

    1536:NbVcN8BQJB4eQUX5B5LRnmQt3pup5kfhXmZcWiqgF72S7f/QuMXi1oHk3CYyq:Xq8epFX5B5FnV00XmmW2wS7IrHrYj

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Malware Dropper & Backdoor - Berbew

      Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks