Behavioral task
behavioral1
Sample
22c7c2bd8d3a862ef1050b120531b3d0_NEAS.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
22c7c2bd8d3a862ef1050b120531b3d0_NEAS.exe
Resource
win10v2004-20240419-en
General
-
Target
22c7c2bd8d3a862ef1050b120531b3d0_NEAS
-
Size
378KB
-
MD5
22c7c2bd8d3a862ef1050b120531b3d0
-
SHA1
2602eaf6e1e9118c19aac0c7b9e7bb163f0b2a04
-
SHA256
3db3b1481a9ab13b5d978589323af923dc357468a40a7fa36122d0d0adb4f894
-
SHA512
609b48acaace1cd2242fb7a3d5c7b5ecc9c4a3c57a54f1309a26dce24cdace46619d592bf7a8bfbaad52cd6f55e4eb67c5a87dc7593f0d75f571dfcab2b74b7c
-
SSDEEP
6144:y3njYprtMsQBma/atn9pG4l+0K76zHTgb8ecFeK8TJ4u392vVAMR4/5V0lLn+Cwq:y3nMRMsEat9pG4l+0K7WHT91M52vVAMb
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 22c7c2bd8d3a862ef1050b120531b3d0_NEAS
Files
-
22c7c2bd8d3a862ef1050b120531b3d0_NEAS.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 132KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.kofbl Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.l1 Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ