General

  • Target

    375eff8a21dc7785537fb75cf0768000_NeikiAnalytics.exe

  • Size

    565KB

  • Sample

    240525-3n4ehafd87

  • MD5

    375eff8a21dc7785537fb75cf0768000

  • SHA1

    0a4ddaf3c3334de01517f72e468577b5d51bf888

  • SHA256

    0a657544d0921df2f9da1be58b36d9a021119d1fd9b3a56dbaecfdda2e9b6dd4

  • SHA512

    aebd685939071d264cbb0dcc40b438896ed53c06f4af206ec21290373bd671cd45a799672d76979a83f748cc881b2422025b778fefb2191b4103441486c245b4

  • SSDEEP

    12288:ZmrtuFjAh//+zrWAIAqWim/+zrWAI5KF8OX:ZMtuFjAh/mvFimm09OX

Malware Config

Targets

    • Target

      375eff8a21dc7785537fb75cf0768000_NeikiAnalytics.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Malware Dropper & Backdoor - Berbew

      Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (1)

  • T1547.001 Registry Run Keys / Startup Folder (1)

Defense Evasion

  • T1112 Modify Registry (1)

Tasks