berbew | beb1aa91feae3aa49a509342c9320b0075560afaabb259558e29ab6d892a274c | Triage

Submit
Reports

Overview

overview

Static

static

cde397773d...cs.exe

windows7-x64

cde397773d...cs.exe

windows10-2004-x64

Sharing

General

Target

cde397773d17c7ad562ee1cdb9004f70_NeikiAnalytics
Size

655KB
Sample

240514-t9cz1aef8w
MD5

cde397773d17c7ad562ee1cdb9004f70
SHA1

e2991210f13dabfad62befe4ec20dda4c0b4da6c
SHA256

beb1aa91feae3aa49a509342c9320b0075560afaabb259558e29ab6d892a274c
SHA512

9a0751a792ed20819d6687e4a9bdd2daae4c11894d8e0ff852e4df7ab014c9cadb45b939c8d0369072418286eea1ba71ec9f604c25d1c3fc434d5198f23b02e2
SSDEEP

12288:PWBm+95nHfF2mgewFX5qOHhufGv5JRLOPNrOWTmARKsxep04Sjw/wfk5v+ns+:PWBz95ndbgfX5qMhl32jTmARKsxep046

Score

10^/10

berbew backdoor dropper trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

cde397773d17c7ad562ee1cdb9004f70_NeikiAnalytics.exe

Resource

win7-20240215-en

backdoor dropper trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

cde397773d17c7ad562ee1cdb9004f70_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

backdoor dropper trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  cde397773d17c7ad562ee1cdb9004f70_NeikiAnalytics
- Size
  
  655KB
- MD5
  
  cde397773d17c7ad562ee1cdb9004f70
- SHA1
  
  e2991210f13dabfad62befe4ec20dda4c0b4da6c
- SHA256
  
  beb1aa91feae3aa49a509342c9320b0075560afaabb259558e29ab6d892a274c
- SHA512
  
  9a0751a792ed20819d6687e4a9bdd2daae4c11894d8e0ff852e4df7ab014c9cadb45b939c8d0369072418286eea1ba71ec9f604c25d1c3fc434d5198f23b02e2
- SSDEEP
  
  12288:PWBm+95nHfF2mgewFX5qOHhufGv5JRLOPNrOWTmARKsxep04Sjw/wfk5v+ns+:PWBz95ndbgfX5qMhl32jTmARKsxep046
Score

10^/10

backdoor dropper trojan
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordroppertrojan

behavioral2

backdoordroppertrojan

© 2018-2025

Terms | Privacy