berbew | d36f32e87d7a50560ee863eeb11c0305d36f0fe85dc6b951d78c791f866e223d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a9bebac977...cs.exe

windows7-x64

a9bebac977...cs.exe

windows10-2004-x64

Sharing

General

Target

a9bebac977bbcc1866b9503aed7d0f80_NeikiAnalytics
Size

384KB
Sample

240513-j9r4taeb4x
MD5

a9bebac977bbcc1866b9503aed7d0f80
SHA1

d601f67fea4dd834171617b566f25bbbd885e513
SHA256

d36f32e87d7a50560ee863eeb11c0305d36f0fe85dc6b951d78c791f866e223d
SHA512

dfa53ecd2503505e482b3e6f3dbf82eb63ac8390386957aa6d5ad9d1653717e8c99e6b0bedfba0e086fb8e2667c38ef97822350e2bd053fa1a6711d86359403d
SSDEEP

6144:Qp8azTYaT15f7o+STYaT15fsnoW6B1S6Kvw2fV9rU+Lw6gYviIajJsnIfvJPNF7:QHTYapJoTYapbt1S3vwyjrU+LKYAJII5

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

a9bebac977bbcc1866b9503aed7d0f80_NeikiAnalytics.exe

Resource

win7-20240221-en

backdoor dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a9bebac977bbcc1866b9503aed7d0f80_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a9bebac977bbcc1866b9503aed7d0f80_NeikiAnalytics
- Size
  
  384KB
- MD5
  
  a9bebac977bbcc1866b9503aed7d0f80
- SHA1
  
  d601f67fea4dd834171617b566f25bbbd885e513
- SHA256
  
  d36f32e87d7a50560ee863eeb11c0305d36f0fe85dc6b951d78c791f866e223d
- SHA512
  
  dfa53ecd2503505e482b3e6f3dbf82eb63ac8390386957aa6d5ad9d1653717e8c99e6b0bedfba0e086fb8e2667c38ef97822350e2bd053fa1a6711d86359403d
- SSDEEP
  
  6144:Qp8azTYaT15f7o+STYaT15fsnoW6B1S6Kvw2fV9rU+Lw6gYviIajJsnIfvJPNF7:QHTYapJoTYapbt1S3vwyjrU+LKYAJII5
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.