Behavioral task
behavioral1
Sample
3dd2fa8f1843aff8461fc9e2ae4e3b70_NEIKI.exe
Resource
win7-20240221-en
General
-
Target
3dd2fa8f1843aff8461fc9e2ae4e3b70_NEIKI
-
Size
348KB
-
MD5
3dd2fa8f1843aff8461fc9e2ae4e3b70
-
SHA1
b3117f8bc201b19b8447afea3456d135bdafa61a
-
SHA256
2e63d048bdf044d93129f9ea3aa7f14f7c16b10d80b343ab9d0ba6f89ce22a6d
-
SHA512
f8a1303178e02e7076ca18fd34e682fec2b3ed1ee474afe31b3827e52d947e976bd138fa0f7453c9bda48fa02056c9b1f3861a4e9f573b91c31064da329a9fe6
-
SSDEEP
6144:bcm4FmowdHoSgWrXD486jCpoAhlq1mEjBqLyOSlhNFF2i:h4wFHoSgWj168w1VjsyvhNFF2i
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
resource yara_rule sample upx -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3dd2fa8f1843aff8461fc9e2ae4e3b70_NEIKI
Files
-
3dd2fa8f1843aff8461fc9e2ae4e3b70_NEIKI.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
UPX0 Size: - Virtual size: 104KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 40KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX2 Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE