berbew | 7064e19db9fe2746c708a757d0caf4c4de39ae4ab9dcb4777c5765ff69bb14fb | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.f7463...e0.exe

windows7-x64

NEAS.f7463...e0.exe

windows10-2004-x64

Sharing

General

Target

NEAS.f7463ea2f2834bf90d173df70bf394e0.exe
Size

459KB
Sample

231112-qjsqzsgb4w
MD5

f7463ea2f2834bf90d173df70bf394e0
SHA1

1a7603afbaa86f5d3ca7d875945558c5e15c6e8a
SHA256

7064e19db9fe2746c708a757d0caf4c4de39ae4ab9dcb4777c5765ff69bb14fb
SHA512

1e7299a044b7acdf3e70f8fe44c58080e230260feba14353f758661022c848f7ff0a75409b08023d19ac6feb25cfbb1d86d39c818f11c077152843bb11e59830
SSDEEP

12288:zkKwIaJwIKfDy/phgeczlqczZd7LFB3oFHoGnFjVZnykJGvpHGdt:zkKwLJwFfDy/phgeczlqczZd7LFB3oFl

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.f7463ea2f2834bf90d173df70bf394e0.exe

Resource

win7-20231023-en

dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.f7463ea2f2834bf90d173df70bf394e0.exe

Resource

win10v2004-20231020-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.f7463ea2f2834bf90d173df70bf394e0.exe
- Size
  
  459KB
- MD5
  
  f7463ea2f2834bf90d173df70bf394e0
- SHA1
  
  1a7603afbaa86f5d3ca7d875945558c5e15c6e8a
- SHA256
  
  7064e19db9fe2746c708a757d0caf4c4de39ae4ab9dcb4777c5765ff69bb14fb
- SHA512
  
  1e7299a044b7acdf3e70f8fe44c58080e230260feba14353f758661022c848f7ff0a75409b08023d19ac6feb25cfbb1d86d39c818f11c077152843bb11e59830
- SSDEEP
  
  12288:zkKwIaJwIKfDy/phgeczlqczZd7LFB3oFHoGnFjVZnykJGvpHGdt:zkKwLJwFfDy/phgeczlqczZd7LFB3oFl
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2024

Terms | Privacy