berbew | 2475803ce7343c6188ecdb96ebbc48f9c0c2056a068960d5b887970d242452cf | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

NEAS.eef60...JC.exe

windows7-x64

NEAS.eef60...JC.exe

windows10-2004-x64

Sharing

General

Target

NEAS.eef60ee1a93c5af10c227eb1e9a72c30_JC.exe
Size

262KB
Sample

231031-vqlcpsdf22
MD5

eef60ee1a93c5af10c227eb1e9a72c30
SHA1

733d54230a133e7591568b52221d5ab8cade77c7
SHA256

2475803ce7343c6188ecdb96ebbc48f9c0c2056a068960d5b887970d242452cf
SHA512

484bab45b54cb4acc666c0705e5f80a3336a9730e3c21a8bd2618442ce472f630fdc55d28801b90706734bd24a426d4078545e303b88975ee6073f738de42e97
SSDEEP

6144:SyiMJ6f8jLi2CMw5w31Lx4tiqn/PlVGSu4RiNdpxPtOS:SyiMYs8UFLxYNQWRap/d

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.eef60ee1a93c5af10c227eb1e9a72c30_JC.exe

Resource

win7-20231023-en

dropper persistence trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.eef60ee1a93c5af10c227eb1e9a72c30_JC.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.eef60ee1a93c5af10c227eb1e9a72c30_JC.exe
- Size
  
  262KB
- MD5
  
  eef60ee1a93c5af10c227eb1e9a72c30
- SHA1
  
  733d54230a133e7591568b52221d5ab8cade77c7
- SHA256
  
  2475803ce7343c6188ecdb96ebbc48f9c0c2056a068960d5b887970d242452cf
- SHA512
  
  484bab45b54cb4acc666c0705e5f80a3336a9730e3c21a8bd2618442ce472f630fdc55d28801b90706734bd24a426d4078545e303b88975ee6073f738de42e97
- SSDEEP
  
  6144:SyiMJ6f8jLi2CMw5w31Lx4tiqn/PlVGSu4RiNdpxPtOS:SyiMYs8UFLxYNQWRap/d
Score

10^/10

dropper persistence trojan
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy