berbew | 2d8698f84ada9faa1ffa836b7cd92107e44018979b1c6ac5cc0ca1efbaacc1d8 | Triage

Submit
Reports

Overview

overview

Static

static

1e2660d4b5...cs.exe

windows7-x64

1e2660d4b5...cs.exe

windows10-2004-x64

Sharing

General

Target

1e2660d4b58cd139f2e3f76d039c64b0_NeikiAnalytics.exe
Size

772KB
Sample

240526-y2k3vsbf43
MD5

1e2660d4b58cd139f2e3f76d039c64b0
SHA1

a57f0975a17a9909e73b6e945a7f364b396036f2
SHA256

2d8698f84ada9faa1ffa836b7cd92107e44018979b1c6ac5cc0ca1efbaacc1d8
SHA512

0922d6483eaca4ac39bf53126c847ecfbaf0ea3a2888c7339df4a73e379d387ee3c2b99e30283b26de1e74566b888e25100b15419760c8f36040cdc4c6fd95df
SSDEEP

24576:qW298E8u94hQZTZ5spa+qmd6f5HpmwhNeZLLGDtEC5AoFhR4gNUagtu:a98E8uS8cpa+qmd6flpmkNeZ/GDtEC59

Score

10^/10

berbew backdoor dropper trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

1e2660d4b58cd139f2e3f76d039c64b0_NeikiAnalytics.exe

Resource

win7-20240221-en

backdoor dropper trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

1e2660d4b58cd139f2e3f76d039c64b0_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

backdoor dropper trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  1e2660d4b58cd139f2e3f76d039c64b0_NeikiAnalytics.exe
- Size
  
  772KB
- MD5
  
  1e2660d4b58cd139f2e3f76d039c64b0
- SHA1
  
  a57f0975a17a9909e73b6e945a7f364b396036f2
- SHA256
  
  2d8698f84ada9faa1ffa836b7cd92107e44018979b1c6ac5cc0ca1efbaacc1d8
- SHA512
  
  0922d6483eaca4ac39bf53126c847ecfbaf0ea3a2888c7339df4a73e379d387ee3c2b99e30283b26de1e74566b888e25100b15419760c8f36040cdc4c6fd95df
- SSDEEP
  
  24576:qW298E8u94hQZTZ5spa+qmd6f5HpmwhNeZLLGDtEC5AoFhR4gNUagtu:a98E8uS8cpa+qmd6flpmkNeZ/GDtEC59
Score

10^/10

backdoor dropper trojan
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordroppertrojan

behavioral2

backdoordroppertrojan

© 2018-2024

Terms | Privacy