berbew | 3f77efe05991059e33fa8bf987df69f1766a40cb83784a876eacfd09d6457544 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

bad8db2ea4...AS.exe

windows7-x64

bad8db2ea4...AS.exe

windows10-2004-x64

Sharing

General

Target

bad8db2ea4351365f750e0b1b8da1460_NEAS
Size

362KB
Sample

240507-r1hg1seb32
MD5

bad8db2ea4351365f750e0b1b8da1460
SHA1

25ad66692840b134eeed3a71175e22b9a0e5484b
SHA256

3f77efe05991059e33fa8bf987df69f1766a40cb83784a876eacfd09d6457544
SHA512

c42677f5509a032c352ecb79b0dc1c148704dbb5ed9eef0e26f2ae510a175c8869560a22f34af8d76d5d317bf2844199e3a9602817cee6b84a3bca0d7e94ffb3
SSDEEP

6144:Swy84qcnhDBhtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZn:y8ihPtmuMtrQ07nGWxWSsmiMyh95r5Oa

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

bad8db2ea4351365f750e0b1b8da1460_NEAS.exe

Resource

win7-20240220-en

backdoor dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

bad8db2ea4351365f750e0b1b8da1460_NEAS.exe

Resource

win10v2004-20240419-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  bad8db2ea4351365f750e0b1b8da1460_NEAS
- Size
  
  362KB
- MD5
  
  bad8db2ea4351365f750e0b1b8da1460
- SHA1
  
  25ad66692840b134eeed3a71175e22b9a0e5484b
- SHA256
  
  3f77efe05991059e33fa8bf987df69f1766a40cb83784a876eacfd09d6457544
- SHA512
  
  c42677f5509a032c352ecb79b0dc1c148704dbb5ed9eef0e26f2ae510a175c8869560a22f34af8d76d5d317bf2844199e3a9602817cee6b84a3bca0d7e94ffb3
- SSDEEP
  
  6144:Swy84qcnhDBhtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZn:y8ihPtmuMtrQ07nGWxWSsmiMyh95r5Oa
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2025

Terms | Privacy