berbew | NEAS[.]27fc1100870bae70971d60d89636da20_JC[.]exe

General

Target

NEAS.27fc1100870bae70971d60d89636da20_JC.exe
Size

501KB
MD5

27fc1100870bae70971d60d89636da20
SHA1

9aa3d1e94081cd641479a72935d92d30bb46a723
SHA256

43f2412e80ac5f153ccb8b49ee1775400e9a92593888cb34e1d0099cea36bd7d
SHA512

bb85effc76bb682452e903d7ddbd4989340f8b7755dee8555f5e95e275ab0c1366689b6c677179f7d8a84084faf21690acfe742742ff5da05a1524430b383863
SSDEEP

12288:iLPkCDt1EG2XVekhdeTFafyqWY9JIhzwbXUbSOmS+g0h8kT:iLPkQ1bqAw1WgyhAEH+g0h8kT

Score

10^/10

persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.27fc1100870bae70971d60d89636da20_JC.exe

Files

NEAS.27fc1100870bae70971d60d89636da20_JC.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.l2
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 464B

.data Size: - Virtual size: 16B

.rsrc Size: 239KB - Virtual size: 239KB

.reloc Size: 1024B - Virtual size: 756B

.l2 Size: 239KB - Virtual size: 239KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.pdata Size: 10KB - Virtual size: 12KB

.pdata Size: 6KB - Virtual size: 8KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 464B

.data
Size: - Virtual size: 16B

.rsrc
Size: 239KB - Virtual size: 239KB

.reloc
Size: 1024B - Virtual size: 756B

.l2
Size: 239KB - Virtual size: 239KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.pdata
Size: 10KB - Virtual size: 12KB

.pdata
Size: 6KB - Virtual size: 8KB