berbew | 390ed4e485b70c76ccb7f09c73cf0a30_NeikiAnalytics

Sharing

Copy URL Twitter E-mail

General

Target

390ed4e485b70c76ccb7f09c73cf0a30_NeikiAnalytics
Size

568KB
MD5

390ed4e485b70c76ccb7f09c73cf0a30
SHA1

f017130020f5f610fb59e56cbef667aa22c30e13
SHA256

faf167ca5300e7a264b24e9145babc5400a8f38d61cd93dceebddda5cbef42e1
SHA512

bc6a48fe5501e5948845f363e66f7c9a5b2cf5927b843edd015cf47210fdcfc60d64a4c76dbcbd937638a62525af106ea2decd8454d80c0491c616b5eea09d49
SSDEEP

12288:sEtQnEeswV7xyvZeZ9TEMuQDBMC0qR/sKkVS3gL+OUImyf:s2gFHdxyvZATEMNsLVS3gL+OUImyf

Score

10^/10

backdoor trojan dropper berbew

Malware Config

Signatures

Berbew family
berbew

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
390ed4e485b70c76ccb7f09c73cf0a30_NeikiAnalytics

Files

390ed4e485b70c76ccb7f09c73cf0a30_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.reloc Size: 28KB - Virtual size: 27KB

.data Size: 1KB - Virtual size: 1KB

.rdata Size: 475KB - Virtual size: 474KB

.bss Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 16B

.idata Size: 512B - Virtual size: 4KB

.reloc Size: 2KB - Virtual size: 4KB

.pdata Size: 512B - Virtual size: 4KB

.rsrc Size: 9KB - Virtual size: 12KB

.reloc Size: 5KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.reloc
Size: 28KB - Virtual size: 27KB

.data
Size: 1KB - Virtual size: 1KB

.rdata
Size: 475KB - Virtual size: 474KB

.bss
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 16B

.idata
Size: 512B - Virtual size: 4KB

.reloc
Size: 2KB - Virtual size: 4KB

.pdata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 9KB - Virtual size: 12KB

.reloc
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB