berbew | 519908152ef5ec1feb56e9653d87ef550d212c8dbbb9410a5f2efd8d4f15bf45 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.d9e99...f4.exe

windows7-x64

NEAS.d9e99...f4.exe

windows10-2004-x64

Sharing

General

Target

NEAS.d9e992944ee42b2b8b4bfe1ffec46bf4.exe
Size

155KB
Sample

231028-wgkkgsef48
MD5

d9e992944ee42b2b8b4bfe1ffec46bf4
SHA1

1be4ce9ea5b92d58a4f66371ade6013dd81d4cdc
SHA256

519908152ef5ec1feb56e9653d87ef550d212c8dbbb9410a5f2efd8d4f15bf45
SHA512

c35bc15cda56fa30a928ece503f6b8250453cdd41406e6fa137d66b3d13702f178946b6b2b1dfdb4a25d51c549cf8b539bdf1ea55c66086964b2202644e3f8cd
SSDEEP

3072:eAXEIXLClrxbi4BjEGt4roGAfT7rIEznYfzB9BSwWO:eAbXul9iRzQT7rIYOzLcK

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.d9e992944ee42b2b8b4bfe1ffec46bf4.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.d9e992944ee42b2b8b4bfe1ffec46bf4.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.d9e992944ee42b2b8b4bfe1ffec46bf4.exe
- Size
  
  155KB
- MD5
  
  d9e992944ee42b2b8b4bfe1ffec46bf4
- SHA1
  
  1be4ce9ea5b92d58a4f66371ade6013dd81d4cdc
- SHA256
  
  519908152ef5ec1feb56e9653d87ef550d212c8dbbb9410a5f2efd8d4f15bf45
- SHA512
  
  c35bc15cda56fa30a928ece503f6b8250453cdd41406e6fa137d66b3d13702f178946b6b2b1dfdb4a25d51c549cf8b539bdf1ea55c66086964b2202644e3f8cd
- SSDEEP
  
  3072:eAXEIXLClrxbi4BjEGt4roGAfT7rIEznYfzB9BSwWO:eAbXul9iRzQT7rIYOzLcK
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy