berbew | 809296af0c2bfed607f193632ebd511346f981e458eff56961522c7efaa45cd1 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.8cc05...e0.exe

windows7-x64

NEAS.8cc05...e0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.8cc05148195ea9128c0e9f13000f36e0.exe
Size

109KB
Sample

231101-rj8mwadg4w
MD5

8cc05148195ea9128c0e9f13000f36e0
SHA1

815b5866a725d6310a7b5708ab9786fbd895f2f3
SHA256

809296af0c2bfed607f193632ebd511346f981e458eff56961522c7efaa45cd1
SHA512

d149e4ce2385fc3e0005f8fd769b3cecf8b9a5bbb282a3a3d30b42af7b4f961927d2b40fb9039685e7d59c48f5964d92ea070df65a4fc5893fd390763439f59b
SSDEEP

3072:yQei6iCUvYi4gPyoLiuJ94LCqwzBu1DjHLMVDqqkSpR:yzzZhipyoL5J9Ywtu1DjrFqhz

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.8cc05148195ea9128c0e9f13000f36e0.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.8cc05148195ea9128c0e9f13000f36e0.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.8cc05148195ea9128c0e9f13000f36e0.exe
- Size
  
  109KB
- MD5
  
  8cc05148195ea9128c0e9f13000f36e0
- SHA1
  
  815b5866a725d6310a7b5708ab9786fbd895f2f3
- SHA256
  
  809296af0c2bfed607f193632ebd511346f981e458eff56961522c7efaa45cd1
- SHA512
  
  d149e4ce2385fc3e0005f8fd769b3cecf8b9a5bbb282a3a3d30b42af7b4f961927d2b40fb9039685e7d59c48f5964d92ea070df65a4fc5893fd390763439f59b
- SSDEEP
  
  3072:yQei6iCUvYi4gPyoLiuJ94LCqwzBu1DjHLMVDqqkSpR:yzzZhipyoL5J9Ywtu1DjrFqhz
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2024

Terms | Privacy