berbew | 03e3ee05d1cc294c21ba867beb36deba8863d0674c95f5f4dc9f91b43d2be78a | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.26a58...60.exe

windows7-x64

NEAS.26a58...60.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.26a58af3d2096cab437344feb6cc4560.exe
Size

106KB
Sample

231022-vs238sea39
MD5

26a58af3d2096cab437344feb6cc4560
SHA1

209e0289d0732939ebca4de1f6acf26ea9da4aef
SHA256

03e3ee05d1cc294c21ba867beb36deba8863d0674c95f5f4dc9f91b43d2be78a
SHA512

408d9eeda05ae05fc710847d219f293597455da68520a5a12b7afc620073b1348c97d0fe83d61770ead1cb536a9b385b0e913462fe00b83578b4387bb762518d
SSDEEP

3072:ME7EkFDuPHZZL8E+UmtwhA/EsO8Xy3pdSrX91WdTCn93OGey/ZhC:JdYHsE+UmtwhAcsO8Xy3pwrX+TCndOGA

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.26a58af3d2096cab437344feb6cc4560.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.26a58af3d2096cab437344feb6cc4560.exe

Resource

win10v2004-20231020-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.26a58af3d2096cab437344feb6cc4560.exe
- Size
  
  106KB
- MD5
  
  26a58af3d2096cab437344feb6cc4560
- SHA1
  
  209e0289d0732939ebca4de1f6acf26ea9da4aef
- SHA256
  
  03e3ee05d1cc294c21ba867beb36deba8863d0674c95f5f4dc9f91b43d2be78a
- SHA512
  
  408d9eeda05ae05fc710847d219f293597455da68520a5a12b7afc620073b1348c97d0fe83d61770ead1cb536a9b385b0e913462fe00b83578b4387bb762518d
- SSDEEP
  
  3072:ME7EkFDuPHZZL8E+UmtwhA/EsO8Xy3pdSrX91WdTCn93OGey/ZhC:JdYHsE+UmtwhAcsO8Xy3pwrX+TCndOGA
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy