Behavioral task
behavioral1
Sample
NEAS.50308f0e9b682e521196652a2b1787d0.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.50308f0e9b682e521196652a2b1787d0.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.50308f0e9b682e521196652a2b1787d0.exe
-
Size
528KB
-
MD5
50308f0e9b682e521196652a2b1787d0
-
SHA1
1e430b00b2626743d20272deb832d77f59f8ce8a
-
SHA256
0bf3076c4a32789dfb015aee5cf660d8fc40dadf06f5a20fcb955563df83893a
-
SHA512
c4402a5a076659006beae8563e0cc2bd2accef90ec6c790df60932b6685214637ccc7b394034d9a0ef0e5347c926428323a1bccbbe1eb97cf0b7fb23c88ffac3
-
SSDEEP
12288:rmWhND9yJz+b1FcMLmp2ATTSsdM8lhMmHyHD1AVkYDFIcEpSgicSvvVH:rmUNJyJqb1FcMap2ATT5O8lhMmHyHD1Q
Malware Config
Signatures
-
Berbew family
-
Malware Backdoor - Berbew 1 IoCs
Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections - it can download/install additional malware such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.50308f0e9b682e521196652a2b1787d0.exe
Files
-
NEAS.50308f0e9b682e521196652a2b1787d0.exe.exe windows:5 windows x86
173abfa8f7d7adac2a90a2e42625b7d9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
wcsstr
_snwprintf
strstr
_snprintf
_except_handler3
memset
memcpy
shell32
ord680
SHGetFolderPathA
shlwapi
PathAddBackslashA
StrStrIA
PathFileExistsA
PathAppendA
ntdll
RtlAdjustPrivilege
RtlImageNtHeader
RtlCreateUserThread
kernel32
GetSystemTimeAsFileTime
GetModuleFileNameW
SetCurrentDirectoryA
MoveFileA
DeviceIoControl
ExitProcess
GlobalAddAtomA
GlobalFindAtomA
CopyFileA
GetCurrentProcessId
InterlockedDecrement
CreateFileW
GetVersionExA
FreeLibrary
IsDebuggerPresent
GetTickCount
GetVolumeInformationA
GetEnvironmentVariableA
GetModuleFileNameA
CreateFileA
SetFilePointer
MoveFileExA
lstrcpynA
SetEndOfFile
UnlockFile
LockFile
SetFileTime
WriteFile
IsBadWritePtr
ReadFile
GetFileSizeEx
GetLastError
SetFileAttributesA
GetTempFileNameA
GetFileTime
GetTempPathA
DeleteFileA
GetProcAddress
GetModuleHandleA
HeapAlloc
HeapFree
GetProcessHeap
HeapValidate
GetCurrentProcess
Sleep
FlushInstructionCache
VirtualAlloc
VirtualQuery
Process32First
VirtualFree
CreateRemoteThread
OpenProcess
CreateProcessA
Module32First
GetHandleInformation
VirtualAllocEx
LoadLibraryA
Process32Next
CreateToolhelp32Snapshot
Module32Next
CloseHandle
WriteProcessMemory
SwitchToThread
GetSystemWindowsDirectoryA
user32
FindWindowA
CharUpperA
PostMessageA
advapi32
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey
OpenProcessToken
GetTokenInformation
GetUserNameA
ole32
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
oleaut32
SysFreeString
SysAllocString
VariantClear
VariantInit
Sections
.text Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 334KB - Virtual size: 348KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ