berbew | NEAS[.]b19ae6d95ffe0e5a8b83d3f832c527b0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.b19ae6d95ffe0e5a8b83d3f832c527b0_JC.exe
Size

627KB
MD5

b19ae6d95ffe0e5a8b83d3f832c527b0
SHA1

f04390e53708acaa6e503c6bda734cc137041c2a
SHA256

ed6683d9f1532836e4ec00daa75b2e21ed5d0bf8dfcb871227ca78098293d879
SHA512

738739f86abe7aad2f0abf2ae18b06470010f5752ec417e73341892253dc18a4ab4bea04ce9553b73c088c47b8023c5cf0cdb0ed1f4b9916090970baff146ed3
SSDEEP

12288:rytbV3kSoXaLnyosMNRHB7CaDOfKwJjYsK5JfwNdPH0OLQ/i:Kb5kSYaLyVMNRHB7LX7oNdPH0Ok/i

Score

10^/10

persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b19ae6d95ffe0e5a8b83d3f832c527b0_JC.exe

Files

NEAS.b19ae6d95ffe0e5a8b83d3f832c527b0_JC.exe
.exe windows:6 windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.rsrc
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 163KB - Virtual size: 163KB

.rdata Size: 85KB - Virtual size: 84KB

.reloc Size: 5KB - Virtual size: 11KB

.data Size: 9KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 256B

.reloc Size: 512B - Virtual size: 488B

.data Size: 3KB - Virtual size: 3KB

.data Size: 9KB - Virtual size: 12KB

.text Size: 512B - Virtual size: 4KB

.text Size: 5KB - Virtual size: 8KB

.reloc Size: 10KB - Virtual size: 12KB

.rdata Size: 7KB - Virtual size: 8KB

.rsrc
Size: 163KB - Virtual size: 163KB

.rdata
Size: 85KB - Virtual size: 84KB

.reloc
Size: 5KB - Virtual size: 11KB

.data
Size: 9KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 256B

.reloc
Size: 512B - Virtual size: 488B

.data
Size: 3KB - Virtual size: 3KB

.data
Size: 9KB - Virtual size: 12KB

.text
Size: 512B - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 8KB

.reloc
Size: 10KB - Virtual size: 12KB

.rdata
Size: 7KB - Virtual size: 8KB