berbew | NEAS[.]a1df3721fbc1a56b38d18531ce0780b0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a1df3721fbc1a56b38d18531ce0780b0_JC.exe
Size

521KB
MD5

a1df3721fbc1a56b38d18531ce0780b0
SHA1

04d2d3a1787d14bf984ea76a4588faf8a7bf2407
SHA256

97e81893a195a75f6654796b1f4dcc0462c85192ec4ddc78fd3af5b1d9b3dd90
SHA512

af9ab12660cc1f686eb71ff54f2ec61736e2cc07e421486747aa9412dfbab22d03672fbd723484a7b5c8d1f8cb96f584a74936f1559268a1c8a5dddcb60f0ce6
SSDEEP

12288:hH5aQrQr01B+x5nji7wWeTYItgZZMYNEddSiiXaMKiIwufMf3LCcwQ/8+DC1PC:hH5aQrQr01B+x5nji7wWeTYItgZZMYNJ

Score

10^/10

persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a1df3721fbc1a56b38d18531ce0780b0_JC.exe

Files

NEAS.a1df3721fbc1a56b38d18531ce0780b0_JC.exe
.exe windows:4 windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 360KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 100B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 5KB - Virtual size: 5KB

.data Size: 360KB - Virtual size: 360KB

.text Size: 512B - Virtual size: 416B

.eh_fram Size: 1024B - Virtual size: 928B

.bss Size: - Virtual size: 100B

.idata Size: 1KB - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 24B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 16KB - Virtual size: 15KB

.idata Size: 512B - Virtual size: 4KB

.rsrc Size: 10KB - Virtual size: 12KB

.didat Size: 6KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 4KB

.text
Size: 5KB - Virtual size: 5KB

.data
Size: 360KB - Virtual size: 360KB

.text
Size: 512B - Virtual size: 416B

.eh_fram
Size: 1024B - Virtual size: 928B

.bss
Size: - Virtual size: 100B

.idata
Size: 1KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 24B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 16KB - Virtual size: 15KB

.idata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 10KB - Virtual size: 12KB

.didat
Size: 6KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 4KB