berbew | 8c02cebd55defea5efc1027a668c6d3125136ce81fbe1160bb5d6f7ad5aa7c13 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.f9112...60.exe

windows7-x64

NEAS.f9112...60.exe

windows10-2004-x64

Sharing

General

Target

NEAS.f911249d977b7afeba1ba1685e6dea60.exe
Size

391KB
Sample

231101-hak1sabf7y
MD5

f911249d977b7afeba1ba1685e6dea60
SHA1

1706c5e0ddaf4280204a02d60c6d94e89a6ea5bd
SHA256

8c02cebd55defea5efc1027a668c6d3125136ce81fbe1160bb5d6f7ad5aa7c13
SHA512

9243f8d21d0ffc1b255558e4a3b867ce521c92245eb1e3fbe5e6b4e1a115b40ba58c77993267f92735550bc6050274dcfff4971cfae6418c4b964a667c8f5dff
SSDEEP

12288:4o56T9XvEhdfJkKSkU3kHyuaRB5t6k0IJogZ+SZE:4P9XvEhdfJkKSkU3kHyuaRB5t6k0IJon

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.f911249d977b7afeba1ba1685e6dea60.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.f911249d977b7afeba1ba1685e6dea60.exe

Resource

win10v2004-20231025-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.f911249d977b7afeba1ba1685e6dea60.exe
- Size
  
  391KB
- MD5
  
  f911249d977b7afeba1ba1685e6dea60
- SHA1
  
  1706c5e0ddaf4280204a02d60c6d94e89a6ea5bd
- SHA256
  
  8c02cebd55defea5efc1027a668c6d3125136ce81fbe1160bb5d6f7ad5aa7c13
- SHA512
  
  9243f8d21d0ffc1b255558e4a3b867ce521c92245eb1e3fbe5e6b4e1a115b40ba58c77993267f92735550bc6050274dcfff4971cfae6418c4b964a667c8f5dff
- SSDEEP
  
  12288:4o56T9XvEhdfJkKSkU3kHyuaRB5t6k0IJogZ+SZE:4P9XvEhdfJkKSkU3kHyuaRB5t6k0IJon
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2024

Terms | Privacy