MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b10c775fd14d1c6757ece6d5c17f45a6fbbe7d11914c1dc1e3d5cf6f1a1164f6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Berbew


Vendor detections: 11


Intelligence 11 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b10c775fd14d1c6757ece6d5c17f45a6fbbe7d11914c1dc1e3d5cf6f1a1164f6
SHA3-384 hash: ad5f94e27c9a1fe022096607dd79d458bfbdff63551e71cd33d784f7ba51b8949f25d468c9db27f88b29de10b017a97b
SHA1 hash: eb994bb4020d3f2ea48104a721a914f9a3e351f9
MD5 hash: b84f8229fcb4c08ad802084c2d69cacc
humanhash: king-stream-cola-avocado
File name:b84f8229fcb4c08ad802084c2d69cacc.exe
Download: download sample
Signature Berbew
Create hunting rule
File size:102'409 bytes
First seen:2024-01-16 00:59:49 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash fac73f28669b7c9fd9ec443763cef5ff (1 x Berbew)
ssdeep 1536:Er/VyaWMtGM3/T8MTBR+PyC6xkbctgvFgblQQa3+om13XRz:Er/VycXY0tMBNgb3a3+X13XRz
TLSH T150A37C3EFE51CEB2CAC3327176C64A83BF24947649A4D4905D39836E274FA1592BB1C3
TrID 27.3% (.SCR) Windows screen saver (13097/50/3)
21.9% (.EXE) Win64 Executable (generic) (10523/12/4)
13.7% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
10.5% (.EXE) Win16 NE executable (generic) (5038/12/1)
9.4% (.EXE) Win32 Executable (generic) (4505/5/1)
Reporter smica83
Tags:Berbew exe UKR

Intelligence

File Origin
# of uploads :
1
# of downloads :
340
Origin country :
HU HU
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/471019/
Detection(s):
Win.Dropper.Berbew-10009643-0
Create hunting rule

Win.Trojan.Qukart-10010381-0
Create hunting rule

Win.Packed.Razy-10013433-0
Create hunting rule

Win.Packed.Zusy-10014848-0
Create hunting rule

Win.Packed.Glupteba-10016954-0
Create hunting rule

Win.Malware.Padodor-6840301-0
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
overlay packed
Link:
https://www.filescan.io/uploads/65a5d5155d1422b208140f17/reports/eaa49da8-c631-4a9a-88b9-1d417ecf35a7/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/b10c775fd14d1c6757ece6d5c17f45a6fbbe7d11914c1dc1e3d5cf6f1a1164f6
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/d93dd4f7-45cb-4e21-b01a-244ac7bddad0
Result
Threat name:
Berbew
Create hunting rule
Detection:
malicious
Classification:
troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1375084
Signature
Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Creates an undocumented autostart registry key
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
PE file has a writeable .text section
Yara detected Berbew
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1375084 Sample: CV8qse9G5a.exe Startdate: 16/01/2024 Architecture: WINDOWS Score: 100 94 Antivirus detection for dropped file 2->94 96 Antivirus / Scanner detection for submitted sample 2->96 98 Multi AV Scanner detection for dropped file 2->98 100 5 other signatures 2->100 14 CV8qse9G5a.exe 3 3 2->14         started        process3 file4 82 C:\Windows\SysWOW64\Jclmlggp.exe, PE32 14->82 dropped 84 C:\Windows\SysWOW64\Ieembcao.dll, PE32 14->84 dropped 128 Creates an undocumented autostart registry key 14->128 130 Drops executables to the windows directory (C:\Windows) and starts them 14->130 18 Jclmlggp.exe 2 14->18         started        signatures5 process6 file7 54 C:\Windows\SysWOW64\Ldikbeob.dll, PE32 18->54 dropped 56 C:\Windows\SysWOW64\Jcniagen.exe, PE32 18->56 dropped 102 Antivirus detection for dropped file 18->102 104 Machine Learning detection for dropped file 18->104 106 Drops executables to the windows directory (C:\Windows) and starts them 18->106 22 Jcniagen.exe 2 18->22         started        signatures8 process9 file10 66 C:\Windows\SysWOW64\Mpcnafhf.dll, PE32 22->66 dropped 68 C:\Windows\SysWOW64\Jpbjkk32.exe, PE32 22->68 dropped 112 Antivirus detection for dropped file 22->112 114 Machine Learning detection for dropped file 22->114 116 Drops executables to the windows directory (C:\Windows) and starts them 22->116 26 Jpbjkk32.exe 2 22->26         started        signatures11 process12 file13 74 C:\Windows\SysWOW64\Jolebagh.dll, PE32 26->74 dropped 76 C:\Windows\SysWOW64\Jcbblf32.exe, PE32 26->76 dropped 120 Antivirus detection for dropped file 26->120 122 Machine Learning detection for dropped file 26->122 124 Drops executables to the windows directory (C:\Windows) and starts them 26->124 30 Jcbblf32.exe 2 26->30         started        signatures14 process15 file16 86 C:\Windows\SysWOW64\Kpgcfjpb.exe, PE32 30->86 dropped 88 C:\Windows\SysWOW64nqbio32.dll, PE32 30->88 dropped 132 Antivirus detection for dropped file 30->132 134 Machine Learning detection for dropped file 30->134 136 Drops executables to the windows directory (C:\Windows) and starts them 30->136 34 Kpgcfjpb.exe 2 30->34         started        signatures17 process18 file19 58 C:\Windows\SysWOW64\Kgchhd32.exe, PE32 34->58 dropped 60 C:\Windows\SysWOW64ochjfpd.dll, PE32 34->60 dropped 108 Drops executables to the windows directory (C:\Windows) and starts them 34->108 38 Kgchhd32.exe 2 34->38         started        signatures20 process21 file22 70 C:\Windows\SysWOW64\Ongfqk32.dll, PE32 38->70 dropped 72 C:\Windows\SysWOW64\Kdghahdf.exe, PE32 38->72 dropped 118 Drops executables to the windows directory (C:\Windows) and starts them 38->118 42 Kdghahdf.exe 2 38->42         started        signatures23 process24 file25 78 C:\Windows\SysWOW64\Ldnobg32.exe, PE32 42->78 dropped 80 C:\Windows\SysWOW64\Agomqb32.dll, PE32 42->80 dropped 126 Drops executables to the windows directory (C:\Windows) and starts them 42->126 46 Ldnobg32.exe 2 42->46         started        signatures26 process27 file28 90 C:\Windows\SysWOW6490ckhfb32.dll, PE32 46->90 dropped 92 C:\Windows\SysWOW64\Lmicfj32.exe, PE32 46->92 dropped 138 Drops executables to the windows directory (C:\Windows) and starts them 46->138 50 Lmicfj32.exe 2 46->50         started        signatures29 process30 file31 62 C:\Windows\SysWOW64\Lnipqm32.exe, PE32 50->62 dropped 64 C:\Windows\SysWOW64lpekplb.dll, PE32 50->64 dropped 110 Drops executables to the windows directory (C:\Windows) and starts them 50->110 signatures32
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/b10c775fd14d1c6757ece6d5c17f45a6fbbe7d11914c1dc1e3d5cf6f1a1164f6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b10c775fd14d1c6757ece6d5c17f45a6fbbe7d11914c1dc1e3d5cf6f1a1164f6/
Threat name:
Win32.Backdoor.Padodor
Create hunting rule
Status:
Malicious
First seen:
2024-01-12 19:25:00 UTC
File Type:
PE (Exe)
Extracted files:
1
AV detection:
34 of 38 (89.47%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=weghox6rjuogov7m43k4c72fu35347irsfgb3qpd2xhw6gqrmt3a._file
Verdict:
malicious
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/240116-bcnfcsaadl/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Executes dropped EXE
Loads dropped DLL
Adds autorun key to be loaded by Explorer.exe on startup
Unpacked files
SH256 hash:
11e6a59897372a52d3abebc3392670a644aad676490f51d0775a5a76c867c003
MD5 hash:
a08cc36f71ccb69904cae54071c487d8
SHA1 hash:
f5c1a4548ae8e5c74f47a5f49a4448b2085f64de
Link:
https://www.unpac.me/results/d83aec8c-0338-4800-adaa-0188f22efcbd/
SH256 hash:
25bc93078736f13620d578dcbcb6e63e70b23e9759cae0d8b9ca48a54e5d020d
MD5 hash:
e7c467eab62950594efef69df1609bd8
SHA1 hash:
50c000dcc03c0fb7e005b6b3f2e7f4813aa5fa3b
Detections:
berbew_2004
Create hunting rule
Link:
https://www.unpac.me/results/d83aec8c-0338-4800-adaa-0188f22efcbd/
SH256 hash:
b10c775fd14d1c6757ece6d5c17f45a6fbbe7d11914c1dc1e3d5cf6f1a1164f6
MD5 hash:
b84f8229fcb4c08ad802084c2d69cacc
SHA1 hash:
eb994bb4020d3f2ea48104a721a914f9a3e351f9
Link:
https://www.unpac.me/results/d83aec8c-0338-4800-adaa-0188f22efcbd/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.86
Link:
https://yomi.yoroi.company/submissions/b10c775fd14d1c6757ece6d5c17f45a6fbbe7d11914c1dc1e3d5cf6f1a1164f6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/471019/

Comments