MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5bc198fb2a8b60bc89da31776fe8e1285bd425e0c9f7d7fa6bad60f7451be60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Berbew

Vendor detections: 8

SHA256 hash: b5bc198fb2a8b60bc89da31776fe8e1285bd425e0c9f7d7fa6bad60f7451be60
SHA3-384 hash: 7617a257272928149a9a949f01f857bfd7c626fe1b401fcff5e74b6da046f64ea8125c31370a8bdecb0e54584bb8448d
SHA1 hash: 305c6f35f46c83442b23097f41e63695f17be1ff
MD5 hash: 071773c75d79ab06d8607db45d521ef0
humanhash: east-william-quebec-emma
File name: virussign.com_071773c75d79ab06d8607db45d521ef0
Signature: Berbew
File size: 65'536 bytes
First seen: 2022-07-13 14:12:25 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 62ec3dce1eba1b68f6a4511bb09f8c2c (15 x Berbew)
ssdeep: 768:x2TmCSiSAkuu4OSqLHQ4irdx5VuH3KgIP1+JemScbzDybVFaahOqan/azZg2p/1B:xVNypn5QtM+5xCCcYyg2LTUoZmhXy
Threatray: 86 similar samples on MalwareBazaar
TLSH: T1F6539E02BCBBFE26D12D45347EA1F369FD7871BE886651493464BDD61AEF40900E0BA3
TrID: 27.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
      20.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
      18.5% (.EXE) Win32 Executable (generic) (4505/5/1)
      8.5% (.EXE) Win16/32 Executable Delphi generic (2072/23)
      8.3% (.EXE) OS/2 Executable (generic) (2029/13)
Reporter: KdssSupport (uploaded with API)
Tags: Berbew exe


Intelligence


File Origin
# of uploads: 1
# of downloads: 124
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: Malware
Behaviour:
Searching for the window
Creating a file in the Windows subdirectories
Creating a process from a recently created file
Creating a process with a hidden window
Sending a custom TCP request
Enabling autorun
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: greyware overlay packed
Result
Verdict: MALICIOUS
Details: Windows PE Executable. Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Backdoor.DacicHangup
Status: Malicious
First seen: 2022-07-07 18:02:00 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 24 of 26 (92.31%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour:
Modifies registry class
Suspicious use of WriteProcessMemory
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
Adds autorun key to be loaded by Explorer.exe on startup
Unpacked files
SHA256 hash: 25651bf85d9e8a6407cd3867cd1a7f6e2e4fa1c84ba2370a89c73bb0c1e839de
MD5 hash: 8be38d10ac28459a4f9cd926924db60b
SHA1 hash: 3ce0ad4ee932832478cdd7e1f300daaf1eebbcb7

SHA256 hash: ae52d5e50c435d6e6d0a7a488c6a050d449cfe3b0e6a873b66349c9ad0f9828e
MD5 hash: 50dee9757d8742f4472b8d665dbba7c7
SHA1 hash: b12826b90cabe69130bd2a3171aed51a1ae4e8a2

SHA256 hash: b5bc198fb2a8b60bc89da31776fe8e1285bd425e0c9f7d7fa6bad60f7451be60
MD5 hash: 071773c75d79ab06d8607db45d521ef0
SHA1 hash: 305c6f35f46c83442b23097f41e63695f17be1ff
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: meth_get_eip
Author: Willi Ballenthin
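
The hashes and imphash on this entry are the practical pivots it gives you. The rules below are an added example written for this page, not a MalwareBazaar, YARAhub or Malpedia rule, and the rule names are my own. The first rule matches this sample and the two files its sandbox run unpacked by exact SHA256; the second pivots on the imphash, which the entry reports as shared by 15 Berbew samples. Both the `hash` and `pe` modules require a YARA build linked against OpenSSL (otherwise `pe.imphash()` is undefined and the rule never fires).

```yara
import "pe"
import "hash"

// Added example, not a MalwareBazaar rule. Exact-hash match for the sample
// on this entry plus the two unpacked files listed under "Unpacked files".
// hash.sha256() returns lowercase hex, so the literals below must be lowercase.
rule Berbew_b5bc198f_known_hashes
{
    meta:
        description = "MalwareBazaar sample b5bc198f... (Berbew) and its unpacked files"
        family      = "Berbew"
    condition:
        hash.sha256(0, filesize) == "b5bc198fb2a8b60bc89da31776fe8e1285bd425e0c9f7d7fa6bad60f7451be60" or
        hash.sha256(0, filesize) == "25651bf85d9e8a6407cd3867cd1a7f6e2e4fa1c84ba2370a89c73bb0c1e839de" or
        hash.sha256(0, filesize) == "ae52d5e50c435d6e6d0a7a488c6a050d449cfe3b0e6a873b66349c9ad0f9828e"
}

// Added example: pivot on the import hash the entry reports for 15 Berbew
// samples. The MZ check up front keeps the pe module from parsing non-PE
// files. An imphash only fingerprints the import table, so treat a hit as a
// triage signal to pull the file for analysis, not as proof of family.
rule Berbew_imphash_62ec3dce_pivot
{
    meta:
        description = "Imphash 62ec3dce... shared by Berbew samples on MalwareBazaar"
        family      = "Berbew"
    condition:
        uint16(0) == 0x5A4D and
        pe.imphash() == "62ec3dce1eba1b68f6a4511bb09f8c2c"
}
```

Run as `yara -r berbew.yar /path/to/quarantine` (or the same file in a yara-python `yara.compile()` call). The exact-hash rule only ever catches byte-identical copies; the ssdeep and TLSH values on this entry are for fuzzy matching with `ssdeep -m` or `tlsh` against near-variants, which YARA does not do on its own.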

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Sample: Berbew, Executable exe, b5bc198fb2a8b60bc89da31776fe8e1285bd425e0c9f7d7fa6bad60f7451be60 (this sample)
Delivery method: Web download (distributed via web download)