Behavioral task
behavioral1
Sample
5a5dcf503745a6d46ae1f4fb5dbd83d0_NeikiAnalytics.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
5a5dcf503745a6d46ae1f4fb5dbd83d0_NeikiAnalytics.exe
Resource
win10v2004-20240226-en
General
-
Target
5a5dcf503745a6d46ae1f4fb5dbd83d0_NeikiAnalytics.exe
-
Size
276KB
-
MD5
5a5dcf503745a6d46ae1f4fb5dbd83d0
-
SHA1
7f14c44b34dbf1246bf88df071167114af80419f
-
SHA256
a560207b31b6939697c4f0db61c0016255ed5f3d8722e4945ac96c12389bdeb8
-
SHA512
c1f73e470cde7e09662a0415491c900e558075d449bf0669da636e128bf6c9a09495c73b84da695a198cb6a2b1b1dc0eea2214e852c670b706ad28f15cfd5d2a
-
SSDEEP
6144:BV3TORLSdn7MUZst5qXsunbLwMddjPXmF6EC1LlzxAKN+xTU5AX/KXWZCKl/j:3SR+pMUQunbpd/mF6ECJlzxAKN2X/WW7
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource 5a5dcf503745a6d46ae1f4fb5dbd83d0_NeikiAnalytics.exe
Files
-
5a5dcf503745a6d46ae1f4fb5dbd83d0_NeikiAnalytics.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 132KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfcd Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ