berbew | NEAS[.]e6a293c7e4d1d33a5e9d93de93252890[.]exe

General

Target

NEAS.e6a293c7e4d1d33a5e9d93de93252890.exe
Size

261KB
MD5

e6a293c7e4d1d33a5e9d93de93252890
SHA1

173c727941485b66f348bdb8a6404664be8d8cb9
SHA256

abc9d21f41c277fc7a7cc655cb5f1dde04f9a1c5ff4de66737eb0028e6adad0e
SHA512

375aedc0e834f6a3d972f43a515a3d0b6a5bac89f8a355c49b352e74efcfab37eb9c416487debe14e88034e7ab94384107404bcfbce110c3725be59a2f6f8a09
SSDEEP

6144:WGv+k+vruviRkyjl7FBdPM/mGVxVElDmhmImd+4C0/iaj+7CgcWlke1k9Pvkd0Dh:Wo+xvGikOBdU/mKx0DwCQAiaja9VOtvz

Score

10^/10

upx persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e6a293c7e4d1d33a5e9d93de93252890.exe

Files

NEAS.e6a293c7e4d1d33a5e9d93de93252890.exe
.exe windows:5 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

UPX0 Size: - Virtual size: 56KB

UPX1 Size: 24KB - Virtual size: 28KB

UPX2 Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

UPX0
Size: - Virtual size: 56KB

UPX1
Size: 24KB - Virtual size: 28KB

UPX2
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB