berbew | f3d7565fd67ec35301863de1c9ca24786dcd0101dd590e0f000744fe607a6500 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3caea17600...cs.exe

windows7-x64

3caea17600...cs.exe

windows10-2004-x64

Sharing

General

Target

3caea176002270e70c289d9499e9d580_NeikiAnalytics
Size

401KB
Sample

240511-1djk8scg75
MD5

3caea176002270e70c289d9499e9d580
SHA1

d97ddc65e07362be4ff2ff5e72b2868a7aa81d3c
SHA256

f3d7565fd67ec35301863de1c9ca24786dcd0101dd590e0f000744fe607a6500
SHA512

231891abd20594bbd0c459c4b35a8911011f777c2e2cb56ffc47e24ec561e4969e4b2d5fc325cde0687fa641db5e245c7641bba3d7767784842a4ee9de843f57
SSDEEP

6144:9/uHMvoygR7Andpui6yYPaIGckfru5xyDpui6yYPaIGckSU05836PGyA7:SygRcndpV6yYP4rbpV6yYPg058KrY

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

3caea176002270e70c289d9499e9d580_NeikiAnalytics.exe

Resource

win7-20240220-en

backdoor dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

3caea176002270e70c289d9499e9d580_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  3caea176002270e70c289d9499e9d580_NeikiAnalytics
- Size
  
  401KB
- MD5
  
  3caea176002270e70c289d9499e9d580
- SHA1
  
  d97ddc65e07362be4ff2ff5e72b2868a7aa81d3c
- SHA256
  
  f3d7565fd67ec35301863de1c9ca24786dcd0101dd590e0f000744fe607a6500
- SHA512
  
  231891abd20594bbd0c459c4b35a8911011f777c2e2cb56ffc47e24ec561e4969e4b2d5fc325cde0687fa641db5e245c7641bba3d7767784842a4ee9de843f57
- SSDEEP
  
  6144:9/uHMvoygR7Andpui6yYPaIGckfru5xyDpui6yYPaIGckSU05836PGyA7:SygRcndpV6yYP4rbpV6yYPg058KrY
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.