berbew | 2b7ecaf8bb1506fb4b96303529c5417f30debf66fd9b92a36d43555728f1af97 | Triage

Submit
Reports

Overview

overview

Static

static

41c80c5655...AS.exe

windows7-x64

41c80c5655...AS.exe

windows10-2004-x64

Sharing

General

Target

41c80c56557f2af7a4ab0901e247e327_NEAS
Size

108KB
Sample

240508-tvalbsdb5y
MD5

41c80c56557f2af7a4ab0901e247e327
SHA1

c5811ed73c8facbd3cc3f051ea72ded5c1da6b49
SHA256

2b7ecaf8bb1506fb4b96303529c5417f30debf66fd9b92a36d43555728f1af97
SHA512

3622795c2257500de1b676348df439ab96342827fc91be33fe3b29116a00bf69b08db704221c55d6197b781a7aa866197896718cb8a1a4d1834cc0bd38b6c169
SSDEEP

1536:YtM8TDVaoUu3YdXmmNsWISfQ+cMwB+rjm8NiIqhn3HQ8BawTj2wQ3K:J8TD96BVjfQ+eUjmOiBn3w8BdTj2h3K

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

41c80c56557f2af7a4ab0901e247e327_NEAS.exe

Resource

win7-20240221-en

backdoor dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

41c80c56557f2af7a4ab0901e247e327_NEAS.exe

Resource

win10v2004-20240508-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  41c80c56557f2af7a4ab0901e247e327_NEAS
- Size
  
  108KB
- MD5
  
  41c80c56557f2af7a4ab0901e247e327
- SHA1
  
  c5811ed73c8facbd3cc3f051ea72ded5c1da6b49
- SHA256
  
  2b7ecaf8bb1506fb4b96303529c5417f30debf66fd9b92a36d43555728f1af97
- SHA512
  
  3622795c2257500de1b676348df439ab96342827fc91be33fe3b29116a00bf69b08db704221c55d6197b781a7aa866197896718cb8a1a4d1834cc0bd38b6c169
- SSDEEP
  
  1536:YtM8TDVaoUu3YdXmmNsWISfQ+cMwB+rjm8NiIqhn3HQ8BawTj2wQ3K:J8TD96BVjfQ+eUjmOiBn3w8BdTj2h3K
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2024

Terms | Privacy