berbew | 89640cd301e0dfb7431636bd53acc1c8592659cd90f1e96b2ff75d85375b4be6 | Triage

Submit
Reports

Overview

overview

Static

static

739337e86d...cs.exe

windows7-x64

739337e86d...cs.exe

windows10-2004-x64

Sharing

General

Target

739337e86d5fc3ee3c47179715863680_NeikiAnalytics.exe
Size

384KB
Sample

240523-cgf3hshg4t
MD5

739337e86d5fc3ee3c47179715863680
SHA1

e6609f359784adc53ee9fcdc360489b70045aebe
SHA256

89640cd301e0dfb7431636bd53acc1c8592659cd90f1e96b2ff75d85375b4be6
SHA512

3e69346b9878daa96853b983702a434365101e4a6302b35e96497d1245242cba950903b6aeee387eb6f876b19bfd0414a546cbab6faf63a5ffa9c07e2b829b02
SSDEEP

6144:CXKv4gdFKjnyRlJfjkEjiPISUOgW9X+hOGzC/NM:xQXjyljkmZzcukG2/

Score

10^/10

berbew backdoor dropper trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

739337e86d5fc3ee3c47179715863680_NeikiAnalytics.exe

Resource

win7-20240221-en

backdoor dropper trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

739337e86d5fc3ee3c47179715863680_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

backdoor dropper trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  739337e86d5fc3ee3c47179715863680_NeikiAnalytics.exe
- Size
  
  384KB
- MD5
  
  739337e86d5fc3ee3c47179715863680
- SHA1
  
  e6609f359784adc53ee9fcdc360489b70045aebe
- SHA256
  
  89640cd301e0dfb7431636bd53acc1c8592659cd90f1e96b2ff75d85375b4be6
- SHA512
  
  3e69346b9878daa96853b983702a434365101e4a6302b35e96497d1245242cba950903b6aeee387eb6f876b19bfd0414a546cbab6faf63a5ffa9c07e2b829b02
- SSDEEP
  
  6144:CXKv4gdFKjnyRlJfjkEjiPISUOgW9X+hOGzC/NM:xQXjyljkmZzcukG2/
Score

10^/10

backdoor dropper trojan
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordroppertrojan

behavioral2

backdoordroppertrojan

© 2018-2024

Terms | Privacy