berbew | 829edafeaf99482ebe4091783b7a63b0_NeikiAnalytics

General

Target

829edafeaf99482ebe4091783b7a63b0_NeikiAnalytics
Size

672KB
MD5

829edafeaf99482ebe4091783b7a63b0
SHA1

a73d0b505761f01e3d42f1804fb7186513ed1805
SHA256

47b7b889e5197800968161f5aa4d6c9255cbfeb251c86f32a79a227d3d5db840
SHA512

cca8824fe73fd7db9b072c111ff9f71bbf3618fca61e709447b19ffc499f049d6f66319ea61cacef26325653fbb824bb7c2bd0a22306d533e7bf77488f94cb23
SSDEEP

12288:29Bm+95nHfF2mgewFx5vqh9U+3iRdLup1kfgjdkAqUKkD57lc0fzEV/d9RIY/9kn:29Bz95ndbgfx5ifeu+gjTqUKkD57lc0R

Score

10^/10

backdoor trojan dropper berbew

Malware Config

Signatures

Berbew family
berbew

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
829edafeaf99482ebe4091783b7a63b0_NeikiAnalytics

Files

829edafeaf99482ebe4091783b7a63b0_NeikiAnalytics
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 182KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.htext
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 182KB - Virtual size: 204KB

.rsrc Size: 85KB - Virtual size: 84KB

.l1 Size: 5KB - Virtual size: 5KB

.idata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

.htext Size: 32KB - Virtual size: 32KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 182KB - Virtual size: 204KB

.rsrc
Size: 85KB - Virtual size: 84KB

.l1
Size: 5KB - Virtual size: 5KB

.idata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.htext
Size: 32KB - Virtual size: 32KB