berbew | NEAS[.]828390f70676af3d1e22c275d81c3a10[.]exe

General

Target

NEAS.828390f70676af3d1e22c275d81c3a10.exe
Size

724KB
MD5

828390f70676af3d1e22c275d81c3a10
SHA1

58d6b9a8d8b6c807a6b6bbca0eb19b94b7f67bf4
SHA256

ea688dcf2c8f6036c30f9eb9c1360f3a103213f92fcd28de2d2a973c252c94ef
SHA512

da711583de8f139fce6278176d5b544812016084b907d818603a31d74ef434b0979391b49739c8265e1b47e22b4d42203126c3d6469b9db1b658ece218fd06da
SSDEEP

12288:HWBm+95nHfF2mgewFx5skWBpmiqIHsngo86LWlZ1kfgjdkAnUKkD57lc0fzEV/dK:HWBz95ndbgfx5HWBVsgomlugjTnUKkDr

Score

10^/10

persistence dropper trojan berbew

Malware Config

Signatures

Berbew family
berbew

Malware Backdoor - Berbew 1 IoCs

Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.

persistence dropper trojan

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.828390f70676af3d1e22c275d81c3a10.exe

Files

NEAS.828390f70676af3d1e22c275d81c3a10.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 182KB - Virtual size: 204KB

.rsrc Size: 85KB - Virtual size: 84KB

.l1 Size: 5KB - Virtual size: 5KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 182KB - Virtual size: 204KB

.rsrc
Size: 85KB - Virtual size: 84KB

.l1
Size: 5KB - Virtual size: 5KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB