Behavioral task
behavioral1
Sample
32be86a313f8824adf019ce5ce65dec0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
32be86a313f8824adf019ce5ce65dec0_NeikiAnalytics.exe
Resource
win10v2004-20240508-en
General
-
Target
32be86a313f8824adf019ce5ce65dec0_NeikiAnalytics
-
Size
669KB
-
MD5
32be86a313f8824adf019ce5ce65dec0
-
SHA1
ba5acbeef8fc53d8788a11a67203282259eef514
-
SHA256
a39be21e17b981573600feeb2a96f41e9da19983309cd4ba7f9d61da4ae4f39f
-
SHA512
691648a08010c8e2739f85e8ffe552e2ce95692ec63c5b56c2903a3b482c2aea9f658e831c7f3a018049e082c871156db10d4d0cdb09fa293dc6465785c37e80
-
SSDEEP
12288:NeexXeVKhMpQnqr+cI3a72LXrY6x46UbR/qYglMi:UexuchMpQnqrdX72LbY6x46uR/qYglMi
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 32be86a313f8824adf019ce5ce65dec0_NeikiAnalytics
Files
-
32be86a313f8824adf019ce5ce65dec0_NeikiAnalytics.exe windows:1 windows x86 arch:x86
26babd76bbb7f9c516a338b0601b4c9f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket
ole32
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
oleaut32
SysAllocString
wininet
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
kernel32
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
user32
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
gdi32
GetStockObject
DeleteObject
advapi32
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
crtdll
_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.flh Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ