MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f39b4a0b223f7e3b8b1acaff7e658e0b682ad13f7450ec0869fac9e080603332. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: f39b4a0b223f7e3b8b1acaff7e658e0b682ad13f7450ec0869fac9e080603332
SHA3-384 hash: cb507c9de8187c713eb2c17e69d01911870cc16c7f3b5e0e88bd073d80606a5958f7b22ab8b721080da1d3a5c1af82a4
SHA1 hash: 1e568755414c7160e68bccccb07b53f9b5c2864a
MD5 hash: 0f59f0ab6405b4e2479129c7f25d1198
humanhash: kilo-edward-juliet-hawaii
File name: f39b4a0b223f7e3b8b1acaff7e658e0b682ad13f7450ec0869fac9e080603332
File size: 261'120 bytes
First seen: 2020-06-03 09:22:33 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew)
ssdeep: 3072:OXbUFRGuG6QNx5Rf1FsXaFDKdhk3pIXW8TprCAm1mTDKaFDKdhk3pIX:MuENLFsXaeXW8laeKaeX
TLSH: 014426FE78AA35B7FC73063366452721BE5FD8640F85860D25039538ABCD1EE5CA62C2
Reporter: raashidbhatt
Tags: exe

Intelligence


File Origin
# of uploads: 1
# of downloads: 61
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Berbew
Status: Malicious
First seen: 2020-06-03 10:53:00 UTC
AV detection: 31 of 31 (100.00%)
Threat level: 5/5
Verdict: unknown
Result
Malware family: n/a
Score: 10/10
Tags: persistence
Behaviour
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Drops file in System32 directory
Loads dropped DLL
Executes dropped EXE
ServiceHost packer
Adds autorun key to be loaded by Explorer.exe on startup
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments