berbew | d9e3aa37acc7a438582010127eeafe01c9d035e9236992404de336fbe34165c4 | Triage

Submit
Reports

Overview

overview

Static

static

4287f1f26f...cs.exe

windows7-x64

4287f1f26f...cs.exe

windows10-2004-x64

Sharing

General

Target

4287f1f26f5e36e33e73b7fb32d78c00_NeikiAnalytics.exe
Size

125KB
Sample

240604-j3gz9sah88
MD5

4287f1f26f5e36e33e73b7fb32d78c00
SHA1

7769c720726c9ad9a31d0b6bd0aabb77d179b57c
SHA256

d9e3aa37acc7a438582010127eeafe01c9d035e9236992404de336fbe34165c4
SHA512

5e740a70c460baa0672e7859d5cdc1b2695b5cdae69355ed580766efdd7783f906bac1a71851d803058f2a36f3a6fb9a72208d777df47fe154c954b5fe1bb689
SSDEEP

3072:Uo8FuBFiGU98DMjEXc5nQcd1WdTCn93OGey/ZhJakrPF:18FuboaDMjEMQceTCndOGeKTaG

Score

10^/10

berbew backdoor dropper persistence trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

4287f1f26f5e36e33e73b7fb32d78c00_NeikiAnalytics.exe

Resource

win7-20240221-en

backdoor dropper persistence trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

4287f1f26f5e36e33e73b7fb32d78c00_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

backdoor dropper persistence trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  4287f1f26f5e36e33e73b7fb32d78c00_NeikiAnalytics.exe
- Size
  
  125KB
- MD5
  
  4287f1f26f5e36e33e73b7fb32d78c00
- SHA1
  
  7769c720726c9ad9a31d0b6bd0aabb77d179b57c
- SHA256
  
  d9e3aa37acc7a438582010127eeafe01c9d035e9236992404de336fbe34165c4
- SHA512
  
  5e740a70c460baa0672e7859d5cdc1b2695b5cdae69355ed580766efdd7783f906bac1a71851d803058f2a36f3a6fb9a72208d777df47fe154c954b5fe1bb689
- SSDEEP
  
  3072:Uo8FuBFiGU98DMjEXc5nQcd1WdTCn93OGey/ZhJakrPF:18FuboaDMjEMQceTCndOGeKTaG
Score

10^/10

backdoor dropper persistence trojan
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordropperpersistencetrojan

behavioral2

backdoordropperpersistencetrojan

© 2018-2024

Terms | Privacy