berbew | 19a0201b1eaadbec9a3ac4e6dd34b2703e2a9291d0685281f8b942c0995097e0 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.73a67...90.exe

windows7-x64

NEAS.73a67...90.exe

windows10-2004-x64

Sharing

General

Target

NEAS.73a6787e8414af3b1801602c3ab3c290.exe
Size

169KB
Sample

231102-t8424aha7w
MD5

73a6787e8414af3b1801602c3ab3c290
SHA1

e1619d82702f0a2614524dfda4beba34f14ffa20
SHA256

19a0201b1eaadbec9a3ac4e6dd34b2703e2a9291d0685281f8b942c0995097e0
SHA512

7ab6e256395249b8d9bf81ca049d2a1b122a0d952f3352ec5dc223e974efb0f3d6d1f9f5defec6f4cc35622a490c8555c6b176dc1170ec2f027933de759722b7
SSDEEP

3072:o6na8O78w5JaFpqYPxMeEvPOdgujv6NLPfFFrKP92f65Ha:odbB8fqYJML3OdgawrFZKPf9

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.73a6787e8414af3b1801602c3ab3c290.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.73a6787e8414af3b1801602c3ab3c290.exe

Resource

win10v2004-20231020-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.73a6787e8414af3b1801602c3ab3c290.exe
- Size
  
  169KB
- MD5
  
  73a6787e8414af3b1801602c3ab3c290
- SHA1
  
  e1619d82702f0a2614524dfda4beba34f14ffa20
- SHA256
  
  19a0201b1eaadbec9a3ac4e6dd34b2703e2a9291d0685281f8b942c0995097e0
- SHA512
  
  7ab6e256395249b8d9bf81ca049d2a1b122a0d952f3352ec5dc223e974efb0f3d6d1f9f5defec6f4cc35622a490c8555c6b176dc1170ec2f027933de759722b7
- SSDEEP
  
  3072:o6na8O78w5JaFpqYPxMeEvPOdgujv6NLPfFFrKP92f65Ha:odbB8fqYJML3OdgawrFZKPf9
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.