berbew | NEAS[.]39bcacec66703155dbb9be33b1135c70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.39bcacec66703155dbb9be33b1135c70.exe
Size

1.1MB
MD5

39bcacec66703155dbb9be33b1135c70
SHA1

827b3e7ea0de086e44daeabee641e735cf9cccb2
SHA256

266ae8ebe50672ddcda10467b46c62d785744c6de6e8a2e14cbe1680c7459cfd
SHA512

3ef52e38e8ad12a575288b1017d88805e5a0f29ca12a1e830b610739b826ea265793629a4018640b1f504b66009f6d8c18f2a53e037e0e7c4f03fcf8dcbe3049
SSDEEP

24576:2uq8X4FH0MyTpNjMlhlaV2ynjRGisAgG/LgvQF3gMm77HfOwUf97knVoY:2y4l0MyTIlhlaV2yjRG1ArLgYF3gP77r

Score

10^/10

persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.39bcacec66703155dbb9be33b1135c70.exe

Files

NEAS.39bcacec66703155dbb9be33b1135c70.exe
.exe windows:5 windows x86 arch:x86

6795e293445dafc70853c5024da9df57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSACleanup
WSAStartup

kernel32

CloseHandle
WritePrivateProfileStringA
CreateFileMappingW
MapViewOfFile
GetPrivateProfileStringA
ReadFile
IsBadWritePtr
EnterCriticalSection
GetCurrentProcess
lstrlenW
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
CreateFileW
GetCurrentThreadId
FormatMessageW
GetLastError
GetCurrentThread
DeleteFileA
RaiseException
GetSystemInfo
LoadLibraryW
FileTimeToLocalFileTime
GetProcAddress
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetModuleHandleW
lstrcpyW
GetSystemTimeAsFileTime
GlobalMemoryStatus
IsBadReadPtr
GetPrivateProfileIntA
VirtualQuery
GetFileTime
SetUnhandledExceptionFilter
FileTimeToDosDateTime
WaitForSingleObject
CreateEventW
SetEvent
CreateProcessA
OpenEventA
TerminateProcess
CreateMutexA
CreateEventA
GetFileAttributesW
FreeLibrary
GetVersion
GetWindowsDirectoryA
CreateDirectoryA
lstrcpynA
MultiByteToWideChar
GlobalFree
GetLocalTime
WriteFile
SetEndOfFile
FindClose
GetFileAttributesA
TerminateThread
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
GetTickCount
OutputDebugStringA
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
Module32FirstW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
GetCommandLineA
GetProcessHeap
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
GetACP
GetStdHandle
HeapFree
HeapReAlloc
HeapAlloc
FreeLibraryAndExitThread
ExitThread
GlobalAlloc
CreateFileA
lstrlenA
UnmapViewOfFile
GetModuleFileNameA
lstrcpyA
GetVersionExW
WriteConsoleW
ReadConsoleW
WideCharToMultiByte
HeapSize
SetStdHandle
CreateThread
GetModuleHandleExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
LoadLibraryExW
ExitProcess

user32

CharLowerA
GetMessageW
DefWindowProcW
DestroyWindow
CreateWindowExW
EndDialog
RegisterClassExW
LoadAcceleratorsW
LoadStringW
ShowWindow
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
LoadIconW
LoadCursorW
PostQuitMessage
DialogBoxParamW
BeginPaint
EndPaint
wvsprintfW
MessageBoxA
wsprintfW
UpdateWindow

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
GetUserNameW

dbghelp

MiniDumpWriteDump

psapi

GetModuleInformation

wininet

InternetSetOptionA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6795e293445dafc70853c5024da9df57

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

advapi32

dbghelp

psapi

wininet

version

Sections

.text Size: 284KB - Virtual size: 283KB

.rdata Size: 120KB - Virtual size: 120KB

.data Size: 8KB - Virtual size: 17KB

.gfids Size: 1024B - Virtual size: 572B

.rsrc Size: 235KB - Virtual size: 234KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.text
Size: 284KB - Virtual size: 283KB

.rdata
Size: 120KB - Virtual size: 120KB

.data
Size: 8KB - Virtual size: 17KB

.gfids
Size: 1024B - Virtual size: 572B

.rsrc
Size: 235KB - Virtual size: 234KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB