berbew | e56eab1c0c4d32cbad52179bc24b4dcac1a4ee3f5c86adeb3d55dbf451b19965 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.c2d66...JC.exe

windows7-x64

NEAS.c2d66...JC.exe

windows10-2004-x64

Sharing

General

Target

NEAS.c2d66bf67219862a17d14d0776ae62e0_JC.exe
Size

445KB
Sample

231101-j1px4acg2x
MD5

c2d66bf67219862a17d14d0776ae62e0
SHA1

65681f94a9fdb11d7502f388f60af470bddac86b
SHA256

e56eab1c0c4d32cbad52179bc24b4dcac1a4ee3f5c86adeb3d55dbf451b19965
SHA512

14339e1efc94ee74309a10060a73895f99083819f9899a89b28012bafcbc056606883b308361f90cea81c9c0ecc7537cda3dd1e99bebf71e2d054ff17e2bb7bf
SSDEEP

12288:3tRpV6yYPMLnfBJKFbhDwBpV6yYP0riuoCgNbbko8JfSIuMUb1V4D0:3tRWMLnfBJKhVwBW0riuoCgNbbj8JfSr

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.c2d66bf67219862a17d14d0776ae62e0_JC.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.c2d66bf67219862a17d14d0776ae62e0_JC.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.c2d66bf67219862a17d14d0776ae62e0_JC.exe
- Size
  
  445KB
- MD5
  
  c2d66bf67219862a17d14d0776ae62e0
- SHA1
  
  65681f94a9fdb11d7502f388f60af470bddac86b
- SHA256
  
  e56eab1c0c4d32cbad52179bc24b4dcac1a4ee3f5c86adeb3d55dbf451b19965
- SHA512
  
  14339e1efc94ee74309a10060a73895f99083819f9899a89b28012bafcbc056606883b308361f90cea81c9c0ecc7537cda3dd1e99bebf71e2d054ff17e2bb7bf
- SSDEEP
  
  12288:3tRpV6yYPMLnfBJKFbhDwBpV6yYP0riuoCgNbbko8JfSIuMUb1V4D0:3tRWMLnfBJKhVwBW0riuoCgNbbj8JfSr
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.