berbew | NEAS[.]196b839d551a39053105184ffb214630[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.196b839d551a39053105184ffb214630.exe
Size

1.1MB
MD5

196b839d551a39053105184ffb214630
SHA1

df5c103213056a02dc3b8c66edb6d298622361b8
SHA256

c6ff0a46db52ad27927fe548e0c96ceab321aab14c0f3365b468488613accc80
SHA512

c542697492fe8df28dd1303b84d054d7410cc5e82408ce905b21dcaba517a0b6b570c997f0a831c3e566f6927a21136623aae991e9197b245fbdc71470989147
SSDEEP

24576:DdVejfZDmbnwmdBOcTTLjc7mYF4J+/FFRKd7JROTLNOH:fesbnycTTL8E+dFRKdNROT0H

Score

10^/10

persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.196b839d551a39053105184ffb214630.exe

Files

NEAS.196b839d551a39053105184ffb214630.exe
.exe windows:5 windows x86

b0541de20399f35b47de17469a795248

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GetTickCount
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetFileSizeEx
SetErrorMode
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
WritePrivateProfileStringA
FreeResource
GlobalAddAtomA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
lstrcmpA
FormatMessageA
LocalFree
MulDiv
FileTimeToLocalFileTime
FindNextFileA
GetCurrentProcessId
GetModuleFileNameA
GetFullPathNameA
GetVolumeInformationA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
SetLastError
GetThreadLocale
GetFileAttributesA
LoadLibraryA
GetProcAddress
GlobalMemoryStatus
Sleep
GetLastError
CreateFileA
GetFileTime
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
CloseHandle
InterlockedDecrement
SetCurrentDirectoryA
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentDirectoryA
GetVersionExA
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceA
lstrlenA
CreateDirectoryA
lstrcmpiA
RemoveDirectoryA
CreateProcessA
DeleteFileA
GetEnvironmentStrings
FindFirstFileA

user32

RegisterClipboardFormatA
PostThreadMessageA
ReleaseCapture
SetCapture
UnregisterClassA
GetSysColorBrush
DrawFocusRect
DestroyMenu
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
GetScrollRange
GetScrollPos
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowTextLengthA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
SetWindowContextHelpId
MapDialogRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
SendMessageA
RegisterClassA
CloseClipboard
SetClipboardData
EmptyClipboard
GetActiveWindow
IsWindowVisible
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
IsRectEmpty
CopyAcceleratorTableA
CharNextA
OpenClipboard
GetClassNameA
GetWindowTextA
GetSystemMetrics
DrawIcon
DrawEdge
AppendMenuA
GetSystemMenu
IsIconic
GetWindowRect
GetClientRect
InvalidateRect
SetTimer
KillTimer
EnableWindow
LoadIconA
GetWindow
PostMessageA
SetWindowPos
SetWindowPlacement
GetWindowPlacement
GetClipboardData
GetKeyState
GetSubMenu
LoadMenuA
ClientToScreen
SetCursor
LoadCursorA
GetCursorPos
PtInRect
SetRect
BringWindowToTop
GetDC
GetParent
ScreenToClient
CharUpperA
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
GetWindowLongA

gdi32

CreateCompatibleDC
GetStockObject
CreateRectRgnIndirect
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetMapMode
CreateFontIndirectA
TextOutA
RectVisible
PtVisible
BitBlt
GetWindowExtEx
GetViewportExtEx
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetCurrentObject
GetTextExtentPoint32A
GetObjectA
CreateSolidBrush
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumValueA

shell32

SHBrowseForFolderA
SHGetMalloc
DragFinish
DragQueryFileA
SHGetPathFromIDListA

comctl32

ord17

shlwapi

PathStripToRootA
PathIsUNCA
PathFindExtensionA
PathFindFileNameA
StrCmpW
PathRemoveFileSpecW

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoInitializeEx
CoUninitialize
OleIsCurrentClipboard
CoTaskMemFree
CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc

oleaut32

SysAllocStringByteLen
SysStringByteLen
VariantClear
SysStringLen
SysAllocStringLen
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
GetErrorInfo
SysFreeString

Sections

.text
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b0541de20399f35b47de17469a795248

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

Sections

.text Size: 725KB - Virtual size: 724KB

.rdata Size: 122KB - Virtual size: 122KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 39KB - Virtual size: 39KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.rdata Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.text Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.rsrc Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.reloc Size: 3KB - Virtual size: 4KB

.text Size: 9KB - Virtual size: 12KB

.text
Size: 725KB - Virtual size: 724KB

.rdata
Size: 122KB - Virtual size: 122KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 39KB - Virtual size: 39KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.rdata
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.text
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.reloc
Size: 3KB - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 12KB