Behavioral task
behavioral1
Sample
2a3e913357b13787491af6f585e14730_NeikiAnalytics.exe
Resource
win7-20240508-en
General
-
Target
2a3e913357b13787491af6f585e14730_NeikiAnalytics.exe
-
Size
214KB
-
MD5
2a3e913357b13787491af6f585e14730
-
SHA1
47561dfce54b352e8fbbcecdf3d58f6ad33a9e73
-
SHA256
cf0b860b7f26e20a2c66174002e7e76ec5610817abfac351f5169cc1c70e1857
-
SHA512
f360573afcfe5c02776d78deda4af793cf2c8144bd078056913c3cccb7195be3635d79f3b303c36b1a576532f10b97bdc11a368c7adad046a2d335994c502ed9
-
SSDEEP
3072:ZhOm2sI93UufdC67ciEu0P5axvqdUmdznCvs7BuRoYFBg/gXVqPfSoi0yG24ePe:Zcm7ImGddXEu0ucju6/4kf724f
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 2a3e913357b13787491af6f585e14730_NeikiAnalytics.exe
Files
-
2a3e913357b13787491af6f585e14730_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.rsrc Size: 40KB - Virtual size: 152KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 2KB - Virtual size: 3KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.pdata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ