berbew | deb312067fd9bee453cbd984091fc87bad276c008924a495725d0f572e9b5516 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

NEAS.2c8d4...a0.exe

windows7-x64

NEAS.2c8d4...a0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.2c8d4e577058e87ff8275b24387356a0.exe
Size

352KB
Sample

231112-lhnneseg98
MD5

2c8d4e577058e87ff8275b24387356a0
SHA1

ba7dcf5bec687b935546fede907d0d2c03bca99a
SHA256

deb312067fd9bee453cbd984091fc87bad276c008924a495725d0f572e9b5516
SHA512

f5176aaae087a6b51b5199e8aaa234f42c2efd893cdd5538bbfa98f8af9513e8fe9de880a64cc58a3a2bdaa6806473f9125e0412b9592e1531142866de43a0d0
SSDEEP

6144:pYFoSUDxyFkhKSZI4zLVSVp3ys9ceiItgAv:aeJVWcKSZhnVep3ys37tgAv

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.2c8d4e577058e87ff8275b24387356a0.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.2c8d4e577058e87ff8275b24387356a0.exe

Resource

win10v2004-20231020-en

dropper persistence trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.2c8d4e577058e87ff8275b24387356a0.exe
- Size
  
  352KB
- MD5
  
  2c8d4e577058e87ff8275b24387356a0
- SHA1
  
  ba7dcf5bec687b935546fede907d0d2c03bca99a
- SHA256
  
  deb312067fd9bee453cbd984091fc87bad276c008924a495725d0f572e9b5516
- SHA512
  
  f5176aaae087a6b51b5199e8aaa234f42c2efd893cdd5538bbfa98f8af9513e8fe9de880a64cc58a3a2bdaa6806473f9125e0412b9592e1531142866de43a0d0
- SSDEEP
  
  6144:pYFoSUDxyFkhKSZI4zLVSVp3ys9ceiItgAv:aeJVWcKSZhnVep3ys37tgAv
Score

10^/10

dropper persistence trojan
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy