berbew | 10375658ff23e02d9272983ff323a52cc89a82c23b36c93a271b5dbcf32a941f | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.29d44...b0.exe

windows7-x64

NEAS.29d44...b0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
Size

350KB
Sample

231021-z4dl8sdd29
MD5

29d44e10f90fa2e903709acc488ba3b0
SHA1

52a2dc32866cbfce81dddb7a5a6c608077301691
SHA256

10375658ff23e02d9272983ff323a52cc89a82c23b36c93a271b5dbcf32a941f
SHA512

2d6d9f05b126540e0877687bdab0cd3694f29b0eee521c33b61877303f4444c6f990284cae347098699c2372d966eecb608268fd97de53d49ffadb0a22cbe2c6
SSDEEP

3072:+YUb5QoJ4g+CLi8HSpmWAVW9UNpZj6Iz1ZdW4SrO7FSVpEv4wD66ib7:+YwLTNV97h6SZI4z7FSVp84+23

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.29d44e10f90fa2e903709acc488ba3b0.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.29d44e10f90fa2e903709acc488ba3b0.exe

Resource

win10v2004-20231020-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.29d44e10f90fa2e903709acc488ba3b0.exe
- Size
  
  350KB
- MD5
  
  29d44e10f90fa2e903709acc488ba3b0
- SHA1
  
  52a2dc32866cbfce81dddb7a5a6c608077301691
- SHA256
  
  10375658ff23e02d9272983ff323a52cc89a82c23b36c93a271b5dbcf32a941f
- SHA512
  
  2d6d9f05b126540e0877687bdab0cd3694f29b0eee521c33b61877303f4444c6f990284cae347098699c2372d966eecb608268fd97de53d49ffadb0a22cbe2c6
- SSDEEP
  
  3072:+YUb5QoJ4g+CLi8HSpmWAVW9UNpZj6Iz1ZdW4SrO7FSVpEv4wD66ib7:+YwLTNV97h6SZI4z7FSVp84+23
Score

10^/10

dropper persistence trojan
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2024

Terms | Privacy