berbew | ab8ff210ef59ddd333b6f1c1af633a7959c09c597aca2e2d59fcd5692e9fbfb8 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

NEAS.c7311...30.exe

windows7-x64

NEAS.c7311...30.exe

windows10-2004-x64

Sharing

General

Target

NEAS.c73113c983a1ac9ec0243868ad7c3d30.exe
Size

125KB
Sample

231105-yjxzpsbd6s
MD5

c73113c983a1ac9ec0243868ad7c3d30
SHA1

e0471b1a1f7ccd69782779e7916060b6baae880a
SHA256

ab8ff210ef59ddd333b6f1c1af633a7959c09c597aca2e2d59fcd5692e9fbfb8
SHA512

0c0b86d4f0f0705f658e1845c7433288d29339c589a9740dfa26768851cd3741b1b1c80ff10c8ec2cc42b14f61efd0490134ea21536da60d5e99d2655f38b84b
SSDEEP

3072:W/Uw4sznDQ9CdcNVjBb+ct1WdTCn93OGey/ZhJakrPF:W/f4cDsCdcNL+cOTCndOGeKTaG

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.c73113c983a1ac9ec0243868ad7c3d30.exe

Resource

win7-20231023-en

dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.c73113c983a1ac9ec0243868ad7c3d30.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.c73113c983a1ac9ec0243868ad7c3d30.exe
- Size
  
  125KB
- MD5
  
  c73113c983a1ac9ec0243868ad7c3d30
- SHA1
  
  e0471b1a1f7ccd69782779e7916060b6baae880a
- SHA256
  
  ab8ff210ef59ddd333b6f1c1af633a7959c09c597aca2e2d59fcd5692e9fbfb8
- SHA512
  
  0c0b86d4f0f0705f658e1845c7433288d29339c589a9740dfa26768851cd3741b1b1c80ff10c8ec2cc42b14f61efd0490134ea21536da60d5e99d2655f38b84b
- SSDEEP
  
  3072:W/Uw4sznDQ9CdcNVjBb+ct1WdTCn93OGey/ZhJakrPF:W/f4cDsCdcNL+cOTCndOGeKTaG
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy