Behavioral task
behavioral1
Sample
5997f4cb9f0b863da332731e191882a0_NeikiAnalytics.exe
Resource
win7-20240221-en
General
-
Target
5997f4cb9f0b863da332731e191882a0_NeikiAnalytics
-
Size
483KB
-
MD5
5997f4cb9f0b863da332731e191882a0
-
SHA1
6daa508d8e92e9e9eb0ed93cc7ccb27b7f40a9cb
-
SHA256
17e5e77efe41e990c2cdc99af3e7bd4b99948473c79a06785fbb272d9c62c9e8
-
SHA512
c13329f3b193d7aeb82216e7e7a4a31c75c29d6c887f12578cfc25cd76924e2d782ce57667ba003de5b69f758e7647eadf3230ccce9055dac7ff5255b9dfb1ad
-
SSDEEP
6144:mcm7ImGddXv/VWrXD486jCpoAhlq1mEjBqLyOSlhNFF2Y:I7TcfNWj168w1VjsyvhNFF2Y
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5997f4cb9f0b863da332731e191882a0_NeikiAnalytics
Files
-
5997f4cb9f0b863da332731e191882a0_NeikiAnalytics.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
Size: 156KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 7KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ