MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cde8366dcb7f3a05b1ed90853cfe95ce2f52e29cdf442182eeafb9862e293360. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cde8366dcb7f3a05b1ed90853cfe95ce2f52e29cdf442182eeafb9862e293360
SHA3-384 hash: ebd329ec88c19cbd77a808b4805fcbfe23dbafd4f2e1e206b84036213e6d149c042142b7601a746310c9191243fdfc82
SHA1 hash: 9be766ea40798d39b93f585e1c698e607b19a380
MD5 hash: ff0eff8e58066827c0142870fa0e275e
humanhash: william-spaghetti-eight-colorado
File name:cde8366dcb7f3a05b1ed90853cfe95ce2f52e29cdf442182eeafb9862e293360
Download: download sample
File size:208'896 bytes
First seen:2020-06-03 08:24:08 UTC
Last seen:2020-06-03 09:26:56 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew)
ssdeep 3072:8EeD9lqPbaFDKdhk3pIXW8TprCAm1mTDKaFDKdhk3pIX:IZ8PbaeXW8laeKaeX
TLSH 511426ABB6AE7BA3FC33C63733664520FE4BD4584F85810D21C6A5389AC11F61DE524E
Reporter raashidbhatt
Tags:exe

Intelligence

File Origin
# of uploads :
2
# of downloads :
65
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Win.Trojan.Crypted-29
Create hunting rule

Win.Trojan.Obfus-38
Create hunting rule

Win.Malware.Qukart-6838239-0
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Berbew
Create hunting rule
Status:
Malicious
First seen:
2020-06-03 08:38:20 UTC
AV detection:
47 of 48 (97.92%)
Threat level:
  5/5
Verdict:
unknown
Result
Malware family:
n/a
Score:
  10/10
Tags:
persistence
Link:
https://tria.ge/reports/201109-lykq1jtzej/
Behaviour
Modifies registry class
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Program crash
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Adds autorun key to be loaded by Explorer.exe on startup
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments