berbew | d3114224e952297b1f05bf3b59ef9af0794801ca0be7941d53ad72ef365ca183 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.c8681...b0.exe

windows7-x64

NEAS.c8681...b0.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c86814d24b0e28fb33b230745f8d12b0.exe
Size

391KB
Sample

231028-yzsd6aah3s
MD5

c86814d24b0e28fb33b230745f8d12b0
SHA1

5409259bce78629502bb452558e252aa3a95c899
SHA256

d3114224e952297b1f05bf3b59ef9af0794801ca0be7941d53ad72ef365ca183
SHA512

e29e44f3ac0200e68e0a07bfdd55b7090d850af425abe806c48fbeb75f3a1e8c29fba607d53fa223f79042c12659afec46c4318011b9391bd40222ff5a1283d5
SSDEEP

12288:n3cnXZ6dAj2x2rFT9XvEhdfJkKSkU3kHyuaRB5t6k0IJogZ+SZE:nGXZ142p9XvEhdfJkKSkU3kHyuaRB5tW

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.c86814d24b0e28fb33b230745f8d12b0.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.c86814d24b0e28fb33b230745f8d12b0.exe

Resource

win10v2004-20231025-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.c86814d24b0e28fb33b230745f8d12b0.exe
- Size
  
  391KB
- MD5
  
  c86814d24b0e28fb33b230745f8d12b0
- SHA1
  
  5409259bce78629502bb452558e252aa3a95c899
- SHA256
  
  d3114224e952297b1f05bf3b59ef9af0794801ca0be7941d53ad72ef365ca183
- SHA512
  
  e29e44f3ac0200e68e0a07bfdd55b7090d850af425abe806c48fbeb75f3a1e8c29fba607d53fa223f79042c12659afec46c4318011b9391bd40222ff5a1283d5
- SSDEEP
  
  12288:n3cnXZ6dAj2x2rFT9XvEhdfJkKSkU3kHyuaRB5t6k0IJogZ+SZE:nGXZ142p9XvEhdfJkKSkU3kHyuaRB5tW
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy