Behavioral task
behavioral1
Sample
NEAS.c516d4f4a1af0b38a6e124a871d33850.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.c516d4f4a1af0b38a6e124a871d33850.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.c516d4f4a1af0b38a6e124a871d33850.exe
-
Size
168KB
-
MD5
c516d4f4a1af0b38a6e124a871d33850
-
SHA1
04d7606c4cc3904f5a1744695228a0ec0ed15a2f
-
SHA256
1e808fee7a5447ecd4047aa20fad8d20214d5929016a26ca2a03e41629fec12a
-
SHA512
de764ec72b8c70f3b641234017b5608ccc3d655100ee029c26e78253d74dab1bca48ce62d094ec480b34e30d6f67b66f2eaa441a584f1ee6342566cbc3d997c4
-
SSDEEP
3072:4dEUfKj8BYbDiC1ZTK7sxtLUIGKxK/tDwXQw30naFYaCkKEfNqw:4USiZTK40uxKFLw+aFlKEfNl
Malware Config
Signatures
-
Berbew family
-
Malware Backdoor - Berbew 1 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.c516d4f4a1af0b38a6e124a871d33850.exe
Files
-
NEAS.c516d4f4a1af0b38a6e124a871d33850.exe.exe windows:4 windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 496KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 75KB - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ