berbew | a88ef2b1831b468d0b5437f3863ae4039055fa6a95626935da318084db4d61bd | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.acb48...a0.exe

windows7-x64

NEAS.acb48...a0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.acb48a600d0be6ef7c3e2e64b82a77a0.exe
Size

345KB
Sample

231106-b22dhsfe41
MD5

acb48a600d0be6ef7c3e2e64b82a77a0
SHA1

5fa1e071d47019134984c478044962c8c984619c
SHA256

a88ef2b1831b468d0b5437f3863ae4039055fa6a95626935da318084db4d61bd
SHA512

15b294cc06f3de1d69c4ed437281f878ef928a1cf281dc1a16c40d9af426ef5c0539cb353595e6acb0f3f555f0dc793cb4a1e3ee1b7462d49c56135cc294d867
SSDEEP

6144:L1mvSMaB4muz14QaYgTt+scaHACw6Ykw/a8dWBtp27DpomqcPMwNFN6aeK9kc:L1m21uznghoaHACwBkka8eGp7dPRr6af

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.acb48a600d0be6ef7c3e2e64b82a77a0.exe

Resource

win7-20231023-en

dropper persistence trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.acb48a600d0be6ef7c3e2e64b82a77a0.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.acb48a600d0be6ef7c3e2e64b82a77a0.exe
- Size
  
  345KB
- MD5
  
  acb48a600d0be6ef7c3e2e64b82a77a0
- SHA1
  
  5fa1e071d47019134984c478044962c8c984619c
- SHA256
  
  a88ef2b1831b468d0b5437f3863ae4039055fa6a95626935da318084db4d61bd
- SHA512
  
  15b294cc06f3de1d69c4ed437281f878ef928a1cf281dc1a16c40d9af426ef5c0539cb353595e6acb0f3f555f0dc793cb4a1e3ee1b7462d49c56135cc294d867
- SSDEEP
  
  6144:L1mvSMaB4muz14QaYgTt+scaHACw6Ykw/a8dWBtp27DpomqcPMwNFN6aeK9kc:L1m21uznghoaHACwBkka8eGp7dPRr6af
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2024

Terms | Privacy