MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4df4e0de251fdc2d1c250c93b784c60773e366bde6eb7ead3f807f0945dd8bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	a4df4e0de251fdc2d1c250c93b784c60773e366bde6eb7ead3f807f0945dd8bd
SHA3-384 hash:	fb2377a79f9da3fa64154052ee4fb56f20b84da040920fbe8884dfc7ad9eec2bc81ae76a53c755b2c2e8412d07ec1025
SHA1 hash:	fa248fe9086f041c2067cf96e819633de6a1ebf2
MD5 hash:	5e73613f7ed38c18a6c2e6fcc5cf7789
humanhash:	purple-uncle-wolfram-kentucky
File name:	a4df4e0de251fdc2d1c250c93b784c60773e366bde6eb7ead3f807f0945dd8bd
Download:	download sample
File size:	52'736 bytes
First seen:	2020-11-07 20:16:41 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew)
ssdeep	768:VADnewMMMsmIxxqc0mflmMX87l0F3G6IIWccJfI5butOyMzz/1H5:VInewMMMs370mzX888VJf0u4zB
Threatray	173 similar samples on MalwareBazaar
TLSH	AF335AB61DBC4E13C53A23B312E618386AA7C676356F74090FF2B2C65784DAFA21544F
Reporter	seifreed

Intelligence

File Origin

# of uploads :

1

# of downloads :

79

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Crypted-31

Win.Trojan.Obfus-38

Win.Dropper.Berbew-9106192-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Sending a UDP request

Creating a file in the Windows subdirectories

Creating a process from a recently created file

Creating a process with a hidden window

Enabling autorun

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/a4df4e0de251fdc2d1c250c93b784c60773e366bde6eb7ead3f807f0945dd8bd/

Threat name:

Win32.Backdoor.Berbew

Status:

Malicious

First seen:

2020-11-07 20:39:06 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

452f8859d1b67e0bf9e98be9babbaf597ff1fade06ad646d306ec1cc15cee0e5

477435b5dffab09deb3fbc0ceba951a59608ff19d66c794b0895ae45cac38a01

5ba5f7772ac0532f17497df1089af92ebe63e918c956132327cc9d3bd6c61b31

5c62782d077bc7d313f75e643ad404f04f006e666fa92608cd779b9121e854d4

5e7a5f8ea8ad4086e0c320986b628e4a606590e6f5e5c4a36968a6be2b89a6e2

93250c493eb18e3d5239f8386453d1e1b26bb2f6d3f47a9038132b6da217c2b6

9601c268a4fab57aeda5c79ce310d4e7364dbc643a526b6d80599d23459f1dfd

b399f7597a61aaf1eb5fc44e64786ec1625712c8ca4005f8f60b3c5430d724e3

c11d3762d7c2f6eec3129a48d06f3b22664dbd4c97ca50c1bae5d0974912d265

f53bdad654d80edc2e2ee1203f5a36315569dcec2e29ad6770783c56287b268d

+ 163 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/201108-4zf91vy9da/

Behaviour

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Drops file in System32 directory

Loads dropped DLL

Executes dropped EXE

Adds autorun key to be loaded by Explorer.exe on startup

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample