berbew | d4422b51e50ea05bcdb0ca117358fe0d0b45cb9f5689e5a4d5a6b8bfaadc4540 | Triage

Submit
Reports

Overview

overview

Static

static

NEAS.48417...10.exe

windows7-x64

NEAS.48417...10.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4841782c9864bee913721e5797dc2d10.exe
Size

463KB
Sample

231115-ad1lmsac4z
MD5

4841782c9864bee913721e5797dc2d10
SHA1

7e61a7eeb377d0aa8586e510fab4a03bca77f164
SHA256

d4422b51e50ea05bcdb0ca117358fe0d0b45cb9f5689e5a4d5a6b8bfaadc4540
SHA512

894880d7a4175ca3e9d79a38a53eab5ec446d4453d5ca289826bb6f8da5743034a005aaa103fc17733ab5a540f9d9f2641dcfc6b3b71296f3a302fe679d399df
SSDEEP

12288:H+Gy4s5t6NSN6G5tb0fX5t6NSN6G5tTvz:H+34Dc6C0ec6gvz

Score

10^/10

berbew dropper persistence trojan

Static task

static1

persistence dropper trojan berbew

3 signatures

Behavioral task

behavioral1

Sample

NEAS.4841782c9864bee913721e5797dc2d10.exe

Resource

win7-20231020-en

dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

NEAS.4841782c9864bee913721e5797dc2d10.exe

Resource

win10v2004-20231023-en

dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  NEAS.4841782c9864bee913721e5797dc2d10.exe
- Size
  
  463KB
- MD5
  
  4841782c9864bee913721e5797dc2d10
- SHA1
  
  7e61a7eeb377d0aa8586e510fab4a03bca77f164
- SHA256
  
  d4422b51e50ea05bcdb0ca117358fe0d0b45cb9f5689e5a4d5a6b8bfaadc4540
- SHA512
  
  894880d7a4175ca3e9d79a38a53eab5ec446d4453d5ca289826bb6f8da5743034a005aaa103fc17733ab5a540f9d9f2641dcfc6b3b71296f3a302fe679d399df
- SSDEEP
  
  12288:H+Gy4s5t6NSN6G5tb0fX5t6NSN6G5tTvz:H+34Dc6C0ec6gvz
Score

10^/10

dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Backdoor - Berbew
  Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
  persistence dropper trojan
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

persistencedroppertrojanberbew

behavioral1

dropperpersistencetrojan

behavioral2

dropperpersistencetrojan

© 2018-2025

Terms | Privacy