General

  • Target

    3ed9161bba085d43556de0363c067620_NeikiAnalytics.exe

  • Size

    456KB

  • Sample

    240526-arax5sgf73

  • MD5

    3ed9161bba085d43556de0363c067620

  • SHA1

    e330fb621cfba847e31d28c74855932678aa601f

  • SHA256

    0980312217cca1596fdd7c1bc42fb127d1a807a36e457a1a030652ac90b9f4ac

  • SHA512

    4233fb2fdf536d77e4c2ec738ec71e08cfb9b6900ace9d03e2abf55897dffdf6b86817f68c7e02a6f264853b3513c125e5eba4ec332e9174c6820e9990ccc45a

  • SSDEEP

    12288:nJwIKfDy/phgeczlqczZd7LFB3oFHoGnFjVZnykJGvpHGdm:JwFfDy/phgeczlqczZd7LFB3oFHoGnFg

Malware Config

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Malware Dropper & Backdoor - Berbew

      Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v13

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1

    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks