berbew | b292e010a4579ae2ed6e93e93ba9807d920486e9963d5d7dccca1e40d4c4fdb4 | Triage

Submit
Reports

Overview

overview

Static

static

c62bad9489...cs.exe

windows7-x64

c62bad9489...cs.exe

windows10-2004-x64

Sharing

General

Target

c62bad94893424ac5655bde8f6e87910_NeikiAnalytics.exe
Size

172KB
Sample

240526-lbk9qade3z
MD5

c62bad94893424ac5655bde8f6e87910
SHA1

ecda214d48a12bc06d419be52b89cd68a6de9a2e
SHA256

b292e010a4579ae2ed6e93e93ba9807d920486e9963d5d7dccca1e40d4c4fdb4
SHA512

6787ac4ad5a787673183de0a42659d82431be071f1b35eeed7dc9bdd40bb6e6e729a673568a39dbe255ddc7d5044cc0fed53fb0da5099bca203926a2ae988e5e
SSDEEP

3072:EmVwRKCzG7wIxY6UT+THFLKcRaTOuNfnn4h1UiGe7r0/yTE:EmVnkG7Rx1Ui7F9RuOO48iJH0qo

Score

10^/10

berbew backdoor dropper evasion trojan upx

Static task

static1

upx backdoor trojan dropper berbew

4 signatures

Behavioral task

behavioral1

Sample

c62bad94893424ac5655bde8f6e87910_NeikiAnalytics.exe

Resource

win7-20240221-en

backdoor dropper evasion trojan upx

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

c62bad94893424ac5655bde8f6e87910_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

backdoor dropper evasion trojan upx

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  c62bad94893424ac5655bde8f6e87910_NeikiAnalytics.exe
- Size
  
  172KB
- MD5
  
  c62bad94893424ac5655bde8f6e87910
- SHA1
  
  ecda214d48a12bc06d419be52b89cd68a6de9a2e
- SHA256
  
  b292e010a4579ae2ed6e93e93ba9807d920486e9963d5d7dccca1e40d4c4fdb4
- SHA512
  
  6787ac4ad5a787673183de0a42659d82431be071f1b35eeed7dc9bdd40bb6e6e729a673568a39dbe255ddc7d5044cc0fed53fb0da5099bca203926a2ae988e5e
- SSDEEP
  
  3072:EmVwRKCzG7wIxY6UT+THFLKcRaTOuNfnn4h1UiGe7r0/yTE:EmVnkG7Rx1Ui7F9RuOO48iJH0qo
Score

10^/10

backdoor dropper evasion trojan upx
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Modifies visibility of file extensions in Explorer
  evasion
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

upxbackdoortrojandropperberbew

behavioral1

backdoordropperevasiontrojanupx

behavioral2

backdoordropperevasiontrojanupx

© 2018-2024

Terms | Privacy