berbew | c5e5ad2f3731021bb8a92537aba08500_NeikiAnalytics

General

Target

c5e5ad2f3731021bb8a92537aba08500_NeikiAnalytics
Size

356KB
MD5

c5e5ad2f3731021bb8a92537aba08500
SHA1

42d21773185056cc528119847c990188724954cf
SHA256

e3127cb94a968d1926956c1fa42767450fc0648398908142df7fe28d484043ee
SHA512

aedf7ea9331003e647d03071865f0add12636ef0588854c10ded4b22071ddbd5339ee7eac743a727ebd4a02217e18862bc7d5383cfab0f00a0aafaa8c8816cf8
SSDEEP

3072:+YUb5QoJ4g+CLi8HSpmWAVW9UNpZj6Iz1ZdW4SrO7FSVpEv4wD66ibO:+YwLTNV97h6SZI4z7FSVp84+2C

Score

10^/10

backdoor trojan dropper berbew

Malware Config

Signatures

Berbew family
berbew

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5e5ad2f3731021bb8a92537aba08500_NeikiAnalytics

Files

c5e5ad2f3731021bb8a92537aba08500_NeikiAnalytics
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.pdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 1024B - Virtual size: 617B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.pdata Size: 65KB - Virtual size: 64KB

.text Size: 12KB - Virtual size: 15KB

.flat Size: 1024B - Virtual size: 617B

.idata Size: 512B - Virtual size: 4KB

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 2KB - Virtual size: 4KB

.text Size: 4KB - Virtual size: 8KB

.idata Size: 512B - Virtual size: 4KB

.text Size: 9KB - Virtual size: 12KB

.rsrc Size: 9KB - Virtual size: 12KB

.pdata
Size: 65KB - Virtual size: 64KB

.text
Size: 12KB - Virtual size: 15KB

.flat
Size: 1024B - Virtual size: 617B

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 2KB - Virtual size: 4KB

.text
Size: 4KB - Virtual size: 8KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 9KB - Virtual size: 12KB