berbew | 8730e7f25f53352a7b64e23362bc78230f8ec4bbeffdba782d3ab81747dd22cd | Triage

Submit
Reports

Overview

overview

Static

static

43596f5ac1...cs.exe

windows7-x64

43596f5ac1...cs.exe

windows10-2004-x64

Sharing

General

Target

43596f5ac12323c0e9e4130d76145d50_NeikiAnalytics
Size

125KB
Sample

240515-14f8sseh67
MD5

43596f5ac12323c0e9e4130d76145d50
SHA1

0dceb0be0039cde0a98554af1ff2dc9bda5ce0de
SHA256

8730e7f25f53352a7b64e23362bc78230f8ec4bbeffdba782d3ab81747dd22cd
SHA512

bbe64cd2e335717a756a9df345c48e2dcb31ed9e5b0117e8657999a6a418369783dc5002e9eb2befd3be01bd5e19467e02da23b0d1e05488cd619778c02e3b68
SSDEEP

3072:aIiPRPKWDfNhJamBDMWYU/KQuvTPYvnp/CIcG1WdTCn93OGey/ZhJakrPF:SKWzJoIcdTCndOGeKTaG

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

43596f5ac12323c0e9e4130d76145d50_NeikiAnalytics.exe

Resource

win7-20240508-en

backdoor dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

43596f5ac12323c0e9e4130d76145d50_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  43596f5ac12323c0e9e4130d76145d50_NeikiAnalytics
- Size
  
  125KB
- MD5
  
  43596f5ac12323c0e9e4130d76145d50
- SHA1
  
  0dceb0be0039cde0a98554af1ff2dc9bda5ce0de
- SHA256
  
  8730e7f25f53352a7b64e23362bc78230f8ec4bbeffdba782d3ab81747dd22cd
- SHA512
  
  bbe64cd2e335717a756a9df345c48e2dcb31ed9e5b0117e8657999a6a418369783dc5002e9eb2befd3be01bd5e19467e02da23b0d1e05488cd619778c02e3b68
- SSDEEP
  
  3072:aIiPRPKWDfNhJamBDMWYU/KQuvTPYvnp/CIcG1WdTCn93OGey/ZhJakrPF:SKWzJoIcdTCndOGeKTaG
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2024

Terms | Privacy