berbew | 268d708af7dda0f6a073dded17212fd91a9ced78ab9c44d8a6a458f8c72fc8a0 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.0ca24...1c.exe

windows7-x64

NEAS.0ca24...1c.exe

windows10-2004-x64

Sharing

General

Target

NEAS.0ca24de21c7d6935f8ac6b3d7cfc501c.exe
Size

704KB
Sample

231114-lyhgcaba3y
MD5

0ca24de21c7d6935f8ac6b3d7cfc501c
SHA1

8ad683ef50e48ea4ca13af25e347f5e6ebf39a80
SHA256

268d708af7dda0f6a073dded17212fd91a9ced78ab9c44d8a6a458f8c72fc8a0
SHA512

f6b489286a716600f060cc80aaf413f4703322e9a87e61e9fb266c7edd29e24dc9d3c8a7e2ed4a729594529e021794b3157bff882b1ad050429a18d7d67f6c9f
SSDEEP

12288:QpqKrQg5W/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KFHTP7rXFr/+zrWAI5KW:QNrQg5Wm0BmmvFimm0MTP7hm0b

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.0ca24de21c7d6935f8ac6b3d7cfc501c.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.0ca24de21c7d6935f8ac6b3d7cfc501c.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.0ca24de21c7d6935f8ac6b3d7cfc501c.exe
- Size
  
  704KB
- MD5
  
  0ca24de21c7d6935f8ac6b3d7cfc501c
- SHA1
  
  8ad683ef50e48ea4ca13af25e347f5e6ebf39a80
- SHA256
  
  268d708af7dda0f6a073dded17212fd91a9ced78ab9c44d8a6a458f8c72fc8a0
- SHA512
  
  f6b489286a716600f060cc80aaf413f4703322e9a87e61e9fb266c7edd29e24dc9d3c8a7e2ed4a729594529e021794b3157bff882b1ad050429a18d7d67f6c9f
- SSDEEP
  
  12288:QpqKrQg5W/+zrWAI5KFum/+zrWAIAqWim/+zrWAI5KFHTP7rXFr/+zrWAI5KW:QNrQg5Wm0BmmvFimm0MTP7hm0b
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy