MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a7bea3b9089d6c3fe127bdd5aec0d5e28e06ce83b67e02048ad31879c337ed77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 2

SHA256 hash: a7bea3b9089d6c3fe127bdd5aec0d5e28e06ce83b67e02048ad31879c337ed77
SHA3-384 hash: a73fe8ebb2f7ad4683770d3ac5b7672d98cfb7fe80679a04cae68f3e54a7aec163bb2fa148d0240970dffe74fcd47686
SHA1 hash: f834aa1e6246df859625c05c9da9cf95b86badd2
MD5 hash: 7ce6ed53747f223f0f33e4cc9626e840
humanhash: sierra-winter-asparagus-green
File name: a7bea3b9089d6c3fe127bdd5aec0d5e28e06ce83b67e02048ad31879c337ed77
File size: 365'568 bytes
First seen: 2020-06-03 09:01:55 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew: other samples in the database sharing this import hash are classified as Berbew)
ssdeep: 6144:16lvajEVFjPi8laeKaeXN40NgwP5aeXW8laeKaeX:16d+EVFj5axvOwBdax
TLSH: 9E7449D2A8E338BFFCB7163F3B8A4529BE2BFA540F59C1112CE1A23455C41DA4ED5A41
Reporter: raashidbhatt
Tags: exe
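Before handling the downloaded sample it is worth confirming that the file on disk really is the object this entry describes: recompute every digest the entry lists, not just SHA256, and compare. The script below is an added example and not MalwareBazaar's own code; the digests and size in ENTRY are copied from the entry above, the `mismatches` and `fingerprint_file` names are this example's own, and the `abc` bytes used in the self-check are constructed, not the sample. It computes only the algorithms Python's hashlib provides (MD5, SHA1, SHA256, SHA3-384); imphash, ssdeep and TLSH require third-party packages (pefile, ssdeep, py-tlsh) and are left out. Hash the extracted file inside an isolated analysis VM and never execute it; hashing reads bytes only.

```python
"""Verify a downloaded sample against a MalwareBazaar entry by recomputing its digests.

Added example, not MalwareBazaar code. ENTRY is copied from the entry above;
the bytes used in the self-test are constructed and are not the real sample.
"""
import hashlib
import sys
from pathlib import Path

# Digests and size exactly as listed in the database entry (lower-case hex).
ENTRY = {
    "md5": "7ce6ed53747f223f0f33e4cc9626e840",
    "sha1": "f834aa1e6246df859625c05c9da9cf95b86badd2",
    "sha256": "a7bea3b9089d6c3fe127bdd5aec0d5e28e06ce83b67e02048ad31879c337ed77",
    "sha3_384": "a73fe8ebb2f7ad4683770d3ac5b7672d98cfb7fe80679a04cae68f3e54a7aec163bb2fa148d0240970dffe74fcd47686",
    "size": 365568,
}

# Algorithms from the entry that hashlib provides. imphash, ssdeep and TLSH
# need pefile / ssdeep / py-tlsh and are deliberately not computed here.
ALGORITHMS = ("md5", "sha1", "sha256", "sha3_384")


def fingerprint(data: bytes) -> dict:
    """Hex digests of `data` for every algorithm in ALGORITHMS, plus its size in bytes."""
    result = {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}
    result["size"] = len(data)
    return result


def fingerprint_file(path, chunk_size: int = 1 << 20) -> dict:
    """Stream a file through all hashers in one pass (reads bytes only, never executes)."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def mismatches(observed: dict, expected: dict) -> list:
    """Fields where `observed` disagrees with `expected`; an empty list means a full match.

    Comparing every digest rather than SHA256 alone means a file that only matched
    on a weak digest (MD5 or SHA1) still fails, and the size check catches truncation.
    """
    bad = []
    for field, want in expected.items():
        got = observed.get(field)
        if isinstance(want, str):
            want = want.lower()
            got = got.lower() if isinstance(got, str) else got
        if got != want:
            bad.append(f"{field}: expected {want}, got {got}")
    return bad


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-extracted-sample>
    target = Path(sys.argv[1])
    problems = mismatches(fingerprint_file(target), ENTRY)
    if problems:
        print("MISMATCH against MalwareBazaar entry:")
        print("\n".join("  " + p for p in problems))
        sys.exit(1)
    print(f"{target} matches entry {ENTRY['sha256']}")
```

Run it against the extracted file; a non-zero exit with a list of offending fields means the file is not the object this page describes (wrong download, truncated transfer, or a different sample) and should not be treated as it.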

Intelligence

File Origin
# of uploads: 1
# of downloads: 55
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.Berbew
Status: Malicious
First seen: 2020-06-03 11:08:14 UTC
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Verdict: unknown

Result
Malware family: n/a
Score: 10/10
Tags: persistence

Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Adds autorun key to be loaded by Explorer.exe on startup
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Comments