General

  • Target

    5a5dcf503745a6d46ae1f4fb5dbd83d0_NeikiAnalytics.exe

  • Size

    276KB

  • Sample

    240526-dt389adf88

  • MD5

    5a5dcf503745a6d46ae1f4fb5dbd83d0

  • SHA1

    7f14c44b34dbf1246bf88df071167114af80419f

  • SHA256

    a560207b31b6939697c4f0db61c0016255ed5f3d8722e4945ac96c12389bdeb8

  • SHA512

    c1f73e470cde7e09662a0415491c900e558075d449bf0669da636e128bf6c9a09495c73b84da695a198cb6a2b1b1dc0eea2214e852c670b706ad28f15cfd5d2a

  • SSDEEP

    6144:BV3TORLSdn7MUZst5qXsunbLwMddjPXmF6EC1LlzxAKN+xTU5AX/KXWZCKl/j:3SR+pMUQunbpd/mF6ECJlzxAKN2X/WW7

Malware Config

Targets

    (Same sample as listed under General above.)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Malware Dropper & Backdoor - Berbew

      Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Privilege Escalation

    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks