MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f53bdad654d80edc2e2ee1203f5a36315569dcec2e29ad6770783c56287b268d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown

Vendor detections: 3

SHA256 hash: f53bdad654d80edc2e2ee1203f5a36315569dcec2e29ad6770783c56287b268d
SHA3-384 hash: 79dc6e5db5688b36156a2326ba2f80ca588b448c25e7238e79872f6031a86c0825da4bfb7f8ffa95c18a696de4de2f46
SHA1 hash: cb4d8ad4fba8812318a5139f27d66889204a38ed
MD5 hash: 80e23f983760fd821db07688dd71259d
humanhash: nineteen-oklahoma-september-nevada
File name: f53bdad654d80edc2e2ee1203f5a36315569dcec2e29ad6770783c56287b268d
File size: 473'309 bytes
First seen: 2020-11-07 20:16:43 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew)
ssdeep: 6144:tUn/QBNe9T7UwelXT83nL/K89dnYnFXT83nLwuxLmJjXT83nLu1zbDA+kn5FXT8t:tU4w3Gsn0w3/xKtw3WvD0w38/JXw3/
Threatray: 115 similar samples on MalwareBazaar
TLSH: 2DA4AFD603803C43C89E02746D5AFB4CA1685A7E3F49438F12B56AC6D6F63F16E143AB
Reporter: seifreed

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour: Launching the default Windows debugger (dwwin.exe)
Threat name: Win32.Backdoor.Berbew
Status: Malicious
First seen: 2020-11-07 20:39:22 UTC
AV detection: 28 of 29 (96.55%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Program crash
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Other