berbew | 6af00548e6860b7514280275545254574aaf0a9ece94fa3d231a3700d0b19988 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.4de51...42.exe

windows7-x64

NEAS.4de51...42.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4de516c725c6ad8b4efa69177efa2642.exe
Size

187KB
Sample

231107-rswdxahd6y
MD5

4de516c725c6ad8b4efa69177efa2642
SHA1

396334d17e5411e1d832956102a7cf75e71db761
SHA256

6af00548e6860b7514280275545254574aaf0a9ece94fa3d231a3700d0b19988
SHA512

cc29436e9608b3999f4bee5f395228d7389feb09eb80c5622081d2986b3808eeb34ce876701b4386e29aaf4544e803ddcf4dc49b4222ab16aaa244e6f3ba3965
SSDEEP

3072:Dv5Ls27BIJHluLyXuEQ00UIIIhg6XXXDzXXX13612IIIre36TAXXXhgavcXXXLIX:DBs27GluLyXxQQIIIhg6XXXDzXXX13sE

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.4de516c725c6ad8b4efa69177efa2642.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.4de516c725c6ad8b4efa69177efa2642.exe

Resource

win10v2004-20231020-en

dropper persistence trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.4de516c725c6ad8b4efa69177efa2642.exe
- Size
  
  187KB
- MD5
  
  4de516c725c6ad8b4efa69177efa2642
- SHA1
  
  396334d17e5411e1d832956102a7cf75e71db761
- SHA256
  
  6af00548e6860b7514280275545254574aaf0a9ece94fa3d231a3700d0b19988
- SHA512
  
  cc29436e9608b3999f4bee5f395228d7389feb09eb80c5622081d2986b3808eeb34ce876701b4386e29aaf4544e803ddcf4dc49b4222ab16aaa244e6f3ba3965
- SSDEEP
  
  3072:Dv5Ls27BIJHluLyXuEQ00UIIIhg6XXXDzXXX13612IIIre36TAXXXhgavcXXXLIX:DBs27GluLyXxQQIIIhg6XXXDzXXX13sE
Score

10^/10

dropper persistence trojan
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy