berbew | NEAS[.]8bc9c73bb504b53aa8c619d5c00401b0[.]exe

General

Target

NEAS.8bc9c73bb504b53aa8c619d5c00401b0.exe
Size

618KB
MD5

8bc9c73bb504b53aa8c619d5c00401b0
SHA1

5da06e7bc478c7426179e1adcae4d517c33b9f0a
SHA256

60c238cd175af60f6c85c5299d0a8eace54a0a671766450d41017d1ab2d6b4d2
SHA512

171db013ae43bbfd3f5f4262ae395e3b8b7012e1d134da15b738d5f188a8e9aa57b26b1cfc87661ba2e20d8602001b4235c3000769b7400ac5ad045eef164756
SSDEEP

12288:qz6R5TuwQqW7xiCV9gQkFEn2nTD/7NRMmBsW7QLGhenawIs/YekQBnYb:q+Rqqk9gQkFEn2nTD/7NRMmBsW7QLGh5

Score

10^/10

upx persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8bc9c73bb504b53aa8c619d5c00401b0.exe

Files

NEAS.8bc9c73bb504b53aa8c619d5c00401b0.exe
.exe windows:10 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imports
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: 120KB - Virtual size: 120KB

UPX1 Size: 56KB - Virtual size: 56KB

.rsrc Size: 32KB - Virtual size: 32KB

.rmnet Size: 88KB - Virtual size: 88KB

.imports Size: 76KB - Virtual size: 76KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

UPX0
Size: 120KB - Virtual size: 120KB

UPX1
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 32KB - Virtual size: 32KB

.rmnet
Size: 88KB - Virtual size: 88KB

.imports
Size: 76KB - Virtual size: 76KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB