Behavioral task
behavioral1
Sample
NEAS.0fc9c7123476619ff75f93847b6621c0_JC.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.0fc9c7123476619ff75f93847b6621c0_JC.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.0fc9c7123476619ff75f93847b6621c0_JC.exe
-
Size
712KB
-
MD5
0fc9c7123476619ff75f93847b6621c0
-
SHA1
9baf594be29ddd5952b90cb60a75fd07b7249953
-
SHA256
299d76183f804077e39248ab9612f6d631f1f0f9c734a8caf5af0681635d7a8a
-
SHA512
dbb27c25dc6f946e5df425f9fb9acf2b003738cbbdeef4bf67d1c14219b707d094bdd3c194f42e7813b1188fe6f4c17e665dcb2960a5979196a3fb4aac754d58
-
SSDEEP
12288:eytbV3kSoXaLnTossbp9NhMCq0wErazPQWHkbwguZMnmiwdynTsVx+y:hb5kSYaLTVsbp97MC5azPQWhguZILwdX
Malware Config
Signatures
-
Berbew family
-
Malware Backdoor - Berbew 1 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.0fc9c7123476619ff75f93847b6621c0_JC.exe
Files
-
NEAS.0fc9c7123476619ff75f93847b6621c0_JC.exe.exe windows:6 windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.rsrc Size: 163KB - Virtual size: 163KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 85KB - Virtual size: 84KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 256B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 488B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.giats Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ