berbew | e73ea851a05c004157c6e41a3d6aa84ceefe4b82369ab9b79a385dccff33d78a | Triage

Submit
Reports

Overview

overview

Static

static

5daf9572c2...cs.exe

windows7-x64

5daf9572c2...cs.exe

windows10-2004-x64

Sharing

General

Target

5daf9572c2a632329758888668015d80_NeikiAnalytics.exe
Size

282KB
Sample

240526-d9geesdf2w
MD5

5daf9572c2a632329758888668015d80
SHA1

706452dd65d03cb83e3f3a99efc06d9c995272d8
SHA256

e73ea851a05c004157c6e41a3d6aa84ceefe4b82369ab9b79a385dccff33d78a
SHA512

3f5d8da190a1bae56d7245e8745debe2a85e97cc6da8dd26cd23ab58582dd5e3d93d979bd2c608a2140d653352eac7abc246c23a1ee9d8827e90989087fc96c3
SSDEEP

6144:ustaRDOzrIzIAUdL+SkEjiPISUOgW9X+hOGzC/:e8zXdVkmZzcukG2/

Score

10^/10

berbew backdoor dropper trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

5daf9572c2a632329758888668015d80_NeikiAnalytics.exe

Resource

win7-20240508-en

backdoor dropper trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

5daf9572c2a632329758888668015d80_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

backdoor dropper trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5daf9572c2a632329758888668015d80_NeikiAnalytics.exe
- Size
  
  282KB
- MD5
  
  5daf9572c2a632329758888668015d80
- SHA1
  
  706452dd65d03cb83e3f3a99efc06d9c995272d8
- SHA256
  
  e73ea851a05c004157c6e41a3d6aa84ceefe4b82369ab9b79a385dccff33d78a
- SHA512
  
  3f5d8da190a1bae56d7245e8745debe2a85e97cc6da8dd26cd23ab58582dd5e3d93d979bd2c608a2140d653352eac7abc246c23a1ee9d8827e90989087fc96c3
- SSDEEP
  
  6144:ustaRDOzrIzIAUdL+SkEjiPISUOgW9X+hOGzC/:e8zXdVkmZzcukG2/
Score

10^/10

backdoor dropper trojan
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordroppertrojan

behavioral2

backdoordroppertrojan

© 2018-2024

Terms | Privacy