berbew | 071a998972f802cc838aa2ef9c6b8870_NeikiAnalytics[.]exe | Triage

Sharing

General

Target

071a998972f802cc838aa2ef9c6b8870_NeikiAnalytics.exe
Size

190KB
MD5

071a998972f802cc838aa2ef9c6b8870
SHA1

55c25028dbdf877176b56208be72aeec79dede4d
SHA256

d6b571bd3e9b40df1750ab716329eb14b18f07785de8afe5ad89092206eacd3f
SHA512

8b72859259eb1d0074ef5989c8553cb2e4853d8415e81dc46f5c82c895fe973d02cba176a2af34a94a39f47ca92f2f7a87faca2f868d7911545e77eb40830bec
SSDEEP

3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+9:Ycm4FmowdHoSLEaTBftapTsyFeO9

Score

10^/10

backdoor trojan dropper berbew

Malware Config

Signatures

Berbew family
berbew
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
backdoor trojan dropper

Processes:

resource yara_rule

sample family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
071a998972f802cc838aa2ef9c6b8870_NeikiAnalytics.exe

Files

071a998972f802cc838aa2ef9c6b8870_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.data
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ