Behavioral task
behavioral1
Sample
ad8b0edb5e7e19ac47cbcfc063b05d10_NeikiAnalytics.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
ad8b0edb5e7e19ac47cbcfc063b05d10_NeikiAnalytics.exe
Resource
win10v2004-20240426-en
General
-
Target
ad8b0edb5e7e19ac47cbcfc063b05d10_NeikiAnalytics
-
Size
669KB
-
MD5
ad8b0edb5e7e19ac47cbcfc063b05d10
-
SHA1
ad5f47b6619345acc922318a7cdb16c8bd9481e6
-
SHA256
af1639b5e45545812977683a9f96d6f424ae7cc809a56a12712b7cfbb68b79dd
-
SHA512
0900e63a21986bd5b131ee8668c8d05a07a3f62a5e53bef3f7e71e9c6e5781cfc95811506509b3441ac0cdaa09bb3de9250fbd84af4f7dd7c1d1828b33858d87
-
SSDEEP
12288:59sleVKhMpQnqr+cI3a72LXrY6x46UbR/qYglMi:59pchMpQnqrdX72LbY6x46uR/qYglMi
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ad8b0edb5e7e19ac47cbcfc063b05d10_NeikiAnalytics
Files
-
ad8b0edb5e7e19ac47cbcfc063b05d10_NeikiAnalytics.exe windows:1 windows x86 arch:x86
26babd76bbb7f9c516a338b0601b4c9f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket
ole32
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
oleaut32
SysAllocString
wininet
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
kernel32
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
user32
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
gdi32
GetStockObject
DeleteObject
advapi32
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
crtdll
_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.flh Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ