berbew | 1dde295e00ff8ce509bf99e02933dcb3ea16f2aff091e8756e36487c7f8a1a87 | Triage

Submit
Reports

Overview

overview

Static

static

a2c8c61361...KI.exe

windows7-x64

a2c8c61361...KI.exe

windows10-2004-x64

Sharing

General

Target

a2c8c61361a0125601e2e38f496c0f50_NEIKI
Size

1.3MB
Sample

240508-3vjcxaee8s
MD5

a2c8c61361a0125601e2e38f496c0f50
SHA1

ffb0940aaea8535b2d2a95c3766f4b9eac68c8b4
SHA256

1dde295e00ff8ce509bf99e02933dcb3ea16f2aff091e8756e36487c7f8a1a87
SHA512

7a9724081ea8f0b8bc45de487c16f033eb107e0aa594d1cd3c29cee628855cf0c851d99d6eabd91a08f8a55ada2650300a9958da610e3d19a8f18de189f706ca
SSDEEP

24576:1vr4B9f01ZmQvrb91v92W9C05wkEPSOdKkrzEoxrC9toC9Dq9onk8:1kB9f0VP91v92W805IPSOdKgzEoxrlQ3

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

a2c8c61361a0125601e2e38f496c0f50_NEIKI.exe

Resource

win7-20240221-en

backdoor dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a2c8c61361a0125601e2e38f496c0f50_NEIKI.exe

Resource

win10v2004-20240508-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  a2c8c61361a0125601e2e38f496c0f50_NEIKI
- Size
  
  1.3MB
- MD5
  
  a2c8c61361a0125601e2e38f496c0f50
- SHA1
  
  ffb0940aaea8535b2d2a95c3766f4b9eac68c8b4
- SHA256
  
  1dde295e00ff8ce509bf99e02933dcb3ea16f2aff091e8756e36487c7f8a1a87
- SHA512
  
  7a9724081ea8f0b8bc45de487c16f033eb107e0aa594d1cd3c29cee628855cf0c851d99d6eabd91a08f8a55ada2650300a9958da610e3d19a8f18de189f706ca
- SSDEEP
  
  24576:1vr4B9f01ZmQvrb91v92W9C05wkEPSOdKkrzEoxrC9toC9Dq9onk8:1kB9f0VP91v92W805IPSOdKgzEoxrlQ3
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2025

Terms | Privacy