berbew | bf80e83d72f282f69273f6d2a09bc5e434a285bb2590fa579a01588df84f3a45 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.fa937...00.exe

windows7-x64

NEAS.fa937...00.exe

windows10-2004-x64

Sharing

General

Target

NEAS.fa937a07ea6c7756db1b3780389b3800.exe
Size

169KB
Sample

231103-tb34jagd39
MD5

fa937a07ea6c7756db1b3780389b3800
SHA1

4fbf3ee1b7237c5b65a34239e91ca742f27c6624
SHA256

bf80e83d72f282f69273f6d2a09bc5e434a285bb2590fa579a01588df84f3a45
SHA512

0ee9193be5f856101fe28b48d072b580ed8cadf075f1b6d0110644837a0aabeb88da4ba690ddbb1aa33b482f58f5103671421dce0f33a0f073371c8dae8952c1
SSDEEP

3072:pdftH9FaSUXsfwNbE1QSzcuwPNNdPxMeEvPOdgujv6NLPfFFrKP92f65Ha:7tUXU31QSzcu63dJML3OdgawrFZKPf9

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.fa937a07ea6c7756db1b3780389b3800.exe

Resource

win7-20231023-en

dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.fa937a07ea6c7756db1b3780389b3800.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.fa937a07ea6c7756db1b3780389b3800.exe
- Size
  
  169KB
- MD5
  
  fa937a07ea6c7756db1b3780389b3800
- SHA1
  
  4fbf3ee1b7237c5b65a34239e91ca742f27c6624
- SHA256
  
  bf80e83d72f282f69273f6d2a09bc5e434a285bb2590fa579a01588df84f3a45
- SHA512
  
  0ee9193be5f856101fe28b48d072b580ed8cadf075f1b6d0110644837a0aabeb88da4ba690ddbb1aa33b482f58f5103671421dce0f33a0f073371c8dae8952c1
- SSDEEP
  
  3072:pdftH9FaSUXsfwNbE1QSzcuwPNNdPxMeEvPOdgujv6NLPfFFrKP92f65Ha:7tUXU31QSzcu63dJML3OdgawrFZKPf9
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.