Behavioral task
behavioral1
Sample
5c2a0edb6e45f74a74ea2dba175f1ea0_NEAS.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
5c2a0edb6e45f74a74ea2dba175f1ea0_NEAS.exe
Resource
win10v2004-20240419-en
General
-
Target
5c2a0edb6e45f74a74ea2dba175f1ea0_NEAS
-
Size
368KB
-
MD5
5c2a0edb6e45f74a74ea2dba175f1ea0
-
SHA1
6244a8d9e33a82ceee755e3e311a0eaa99864cfc
-
SHA256
26cab485ac96c4e6c76ab5e4706660bcc06d40523d8e577af8a6a27b6e6cf302
-
SHA512
c807330266f3d7b322d4626d81c9ea545420526cacedc44bcf7fead6497793f9dd9882e4757522b9a027a8edadddfafe1d6595a9ecdf314999254a8318ff8eda
-
SSDEEP
6144:HuhMqavvDlTjZXvEQo9dfJBEdKFckUQ/4TIHD4xutM3VOEIuV5t6R+0I/VzogZW:HVqapT9XvEhdfJkKSkU3kHyuaRB5t6kO
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5c2a0edb6e45f74a74ea2dba175f1ea0_NEAS
Files
-
5c2a0edb6e45f74a74ea2dba175f1ea0_NEAS.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ajelhf Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ