Behavioral task
behavioral1
Sample
NEAS.7af94e49118c7bd5c165df3c4c80cd80.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.7af94e49118c7bd5c165df3c4c80cd80.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.7af94e49118c7bd5c165df3c4c80cd80.exe
-
Size
282KB
-
MD5
7af94e49118c7bd5c165df3c4c80cd80
-
SHA1
a06b831d813503effad3035b7cd49eac2e907cd1
-
SHA256
70fb4fa9b7a3e8fce976ad12f7fbcb559220bed791fba2199dc231312f499db6
-
SHA512
1cf513c9705263909e8a5b51c3f49c1d0ff2c57169dbe2543fa8d87a7166ef4ca6567ca78a0646824ce00037e35ae5d2919a134e7e03a9ed7815c450b465d95b
-
SSDEEP
6144:YeHjzIm3kb1bX2T0hG+dSNkEjiPISUOgW9X+hOGzC/:YeHjzIOEbX2T0hINkmZzcukG2/
Malware Config
Signatures
-
Berbew family
-
Malware Backdoor - Berbew 1 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.7af94e49118c7bd5c165df3c4c80cd80.exe
Files
-
NEAS.7af94e49118c7bd5c165df3c4c80cd80.exe.exe windows:4 windows x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 144KB - Virtual size: 140KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ