MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 40c3260b3f5608fba98d2791939a279c0f1b0cb01b90740f68c9461202157ec4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 40c3260b3f5608fba98d2791939a279c0f1b0cb01b90740f68c9461202157ec4
SHA3-384 hash: 1c2178a1a3c290427f476df9a0b7f34a68e5e54f2b62552e44896c76d7e03f7e065f59977126613dbf7e7b7f33d6310b
SHA1 hash: f4d4cd4e7318a993c3374f96f8ec15bc15c0f592
MD5 hash: 38984b55982b836a5aa73186af6152c0
humanhash: don-cardinal-hamper-hamper
File name:40c3260b3f5608fba98d2791939a279c0f1b0cb01b90740f68c9461202157ec4
Download: download sample
File size:208'896 bytes
First seen:2020-06-03 08:24:05 UTC
Last seen:2020-06-03 09:26:55 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew)
ssdeep 3072:NA72j4ezoEElClaFDKdhk3pIXW8TprCAm1mTDKaFDKdhk3pIX:NyEElClaeXW8laeKaeX
Threatray 183 similar samples on MalwareBazaar
TLSH 43146AFAA5E278A3FC772637334A4530BF9BE4640F9BC2113582E53596C52CA1DE6242
Reporter raashidbhatt
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Crypted-31
Create hunting rule

Win.Trojan.Crypted-29
Create hunting rule

Win.Malware.Qukart-6838239-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Berbew
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 08:37:46 UTC
AV detection:
46 of 48 (95.83%)
Threat level:
  5/5
Verdict:
unknown
Similar samples:
2c0b77b14cf288da48a78d6ed47bbeac941ce3fdf25cbbb1c6d85a765293a534
4ecfa9c9251d5f053bca1c78b0e43563771188a1d523f6ba0564898538c4b434
5dcc948c2e9b5ea0ae4dee86f8c2bd5fc5b7c007689de61ef5a06804c572238b
6c8a9fdb82fa1dbf236f26e846d31827ff97e936febc37526d255a4bf397f3ae
8764c6051832730c76fb0e17a0565c7c9daacc87f0020f995c83b7e0dd63b4e3
a7bea3b9089d6c3fe127bdd5aec0d5e28e06ce83b67e02048ad31879c337ed77
ac532b2bc6697336738ccbed6111467348dae5ddab7432e5b575ccc2adc3035e
d5891d6b6008123f28484d372b6d0fbe9680818fcc3e961b01c50a7806535bdb
f39b4a0b223f7e3b8b1acaff7e658e0b682ad13f7450ec0869fac9e080603332
f3bf81fdb47c25c5f9b44c8b3e96c191e53766bd9d536ec878574526ef824114
+ 173 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-vpqh9kmpba/
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Adds autorun key to be loaded by Explorer.exe on startup
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments