General

  • Target

    4684a0d3243ba0abb4ee656d696433f0_NeikiAnalytics.exe

  • Size

    96KB

  • Sample

    240526-blgzyahd6z

  • MD5

    4684a0d3243ba0abb4ee656d696433f0

  • SHA1

    e492225e0735ded1b69cba4a7105ac66e7677a23

  • SHA256

    c2e1a1da0af63bfb6a4ea33c7158b4f72bf8cc9ca454f5b6813c85af49edbd68

  • SHA512

    6736a271e4418b1a499d680c03f087a2bb03f087e923199e49ee4fe15fcd844f9adc20dfd95f331b711ccef4e466a71f17395ef60f87038c37e7933eb5e34d80

  • SSDEEP

    1536:78KGyAaTaa0CSmdHEbSqZAyvLowIQqZqhdv2LNaIZTJ+7LhkiB0MPiKeEAgH:XJVSNb/LowI0/0NaMU7uihJ5

Malware Config

Targets

    • Target

      4684a0d3243ba0abb4ee656d696433f0_NeikiAnalytics.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Malware Dropper & Backdoor - Berbew

      Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1

  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Tasks