berbew | cace3c18bba03732bbde33bac1f8afaf8f4f3de2ea19e36c29e5b8669b6baa31 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

b42ca2ff01...fa.exe

windows7-x64

b42ca2ff01...fa.exe

windows10-2004-x64

Sharing

General

Target

b42ca2ff01a96a8c749686483db8d3fa.exe
Size

448KB
Sample

240111-vzwvsscfhl
MD5

b42ca2ff01a96a8c749686483db8d3fa
SHA1

5a2469ee10869c299d681316705b6bb79d8ef01c
SHA256

cace3c18bba03732bbde33bac1f8afaf8f4f3de2ea19e36c29e5b8669b6baa31
SHA512

53112d8678d3db2087ad90286df1f9db291731da12b07d131710f54c203624e268c63ad2eb25e40adbdc671c0e2e3d0801a01ccad2f381914005f4d38ad3225a
SSDEEP

6144:bzOI68iByVo7aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOEjXP3HBsR4/0ePGSzxC:bzOuiBym7aOlxzr3cOK3TajRfXFMKNxC

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

b42ca2ff01a96a8c749686483db8d3fa.exe

Resource

win7-20231215-en

backdoor dropper persistence trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

b42ca2ff01a96a8c749686483db8d3fa.exe

Resource

win10v2004-20231215-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  b42ca2ff01a96a8c749686483db8d3fa.exe
- Size
  
  448KB
- MD5
  
  b42ca2ff01a96a8c749686483db8d3fa
- SHA1
  
  5a2469ee10869c299d681316705b6bb79d8ef01c
- SHA256
  
  cace3c18bba03732bbde33bac1f8afaf8f4f3de2ea19e36c29e5b8669b6baa31
- SHA512
  
  53112d8678d3db2087ad90286df1f9db291731da12b07d131710f54c203624e268c63ad2eb25e40adbdc671c0e2e3d0801a01ccad2f381914005f4d38ad3225a
- SSDEEP
  
  6144:bzOI68iByVo7aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOEjXP3HBsR4/0ePGSzxC:bzOuiBym7aOlxzr3cOK3TajRfXFMKNxC
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2025

Terms | Privacy