Behavioral task
behavioral1
Sample
d94d71ee46f7bdcccc3905848e1d6050_NEAS.exe
Resource
win7-20240215-en
Behavioral task
behavioral2
Sample
d94d71ee46f7bdcccc3905848e1d6050_NEAS.exe
Resource
win10v2004-20240419-en
General
-
Target
d94d71ee46f7bdcccc3905848e1d6050_NEAS
-
Size
368KB
-
MD5
d94d71ee46f7bdcccc3905848e1d6050
-
SHA1
fad54aa720e76e0cc81007fd772850067277552e
-
SHA256
3b80264df04c78b07be2a887af2cee2fa6e634b76c009f2fdc9e04bec37cc9ee
-
SHA512
08d5a4cc9ba6ac8783dd8ca8c6341667cae0ee73a551547419efb7f2ec4595bb56a8fb6e2f433fd1cd5a80e4d2e20681e030bbfc34c4fda24d09d1b05f3d6fe4
-
SSDEEP
6144:vvSUREI1tCUlTjZXvEQo9dfJBEdKFckUQ/4TIHD4xutM3VOEIuV5t6R+0I/Vzogc:vvBX5T9XvEhdfJkKSkU3kHyuaRB5t6kO
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d94d71ee46f7bdcccc3905848e1d6050_NEAS
Files
-
d94d71ee46f7bdcccc3905848e1d6050_NEAS.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ajelhf Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ