berbew | c8b4be0324515de87ce8cccd6c299049ced25a42987225d1fd0b08983bed792c | Triage

Submit
Reports

Overview

overview

Static

static

b5241898e6...d8.exe

windows7-x64

b5241898e6...d8.exe

windows10-2004-x64

Sharing

General

Target

b5241898e6e2b34d3e57dd48e2d71dd8.exe
Size

255KB
Sample

240106-zj7dtaffdq
MD5

b5241898e6e2b34d3e57dd48e2d71dd8
SHA1

f31c56458af52b44a35ec63a8b0f4e10f68b5881
SHA256

c8b4be0324515de87ce8cccd6c299049ced25a42987225d1fd0b08983bed792c
SHA512

c0cca4341af1cb082f446feec32a5818a7a879f5b45585353f733c1a7c88be06f941b7ee7e7506cc4e2d7f40ce7c65b4c79b6ac5945e557651d95a85bc464bfd
SSDEEP

6144:Yyq3dPGq1obFvZ5/5n+0UsmZCDY8sEizaoLVjxcwMAXUGD43J0r1:dm8eob51nUs2CE8sEiXpjiwM+Uj3Ja

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

b5241898e6e2b34d3e57dd48e2d71dd8.exe

Resource

win7-20231215-en

backdoor dropper persistence trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b5241898e6e2b34d3e57dd48e2d71dd8.exe

Resource

win10v2004-20231215-en

backdoor dropper persistence trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b5241898e6e2b34d3e57dd48e2d71dd8.exe
- Size
  
  255KB
- MD5
  
  b5241898e6e2b34d3e57dd48e2d71dd8
- SHA1
  
  f31c56458af52b44a35ec63a8b0f4e10f68b5881
- SHA256
  
  c8b4be0324515de87ce8cccd6c299049ced25a42987225d1fd0b08983bed792c
- SHA512
  
  c0cca4341af1cb082f446feec32a5818a7a879f5b45585353f733c1a7c88be06f941b7ee7e7506cc4e2d7f40ce7c65b4c79b6ac5945e557651d95a85bc464bfd
- SSDEEP
  
  6144:Yyq3dPGq1obFvZ5/5n+0UsmZCDY8sEizaoLVjxcwMAXUGD43J0r1:dm8eob51nUs2CE8sEiXpjiwM+Uj3Ja
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2024

Terms | Privacy