berbew | 02e383641d1bee1031cb12872c7fa9782b8de3bda07f2cfb1613aa19cadf046e | Triage

Submit
Reports

Overview

overview

Static

static

d41eac03cf...cs.exe

windows7-x64

d41eac03cf...cs.exe

windows10-2004-x64

Sharing

General

Target

d41eac03cf654c9e4657ad9fdc374fd0_NeikiAnalytics.exe
Size

448KB
Sample

240604-yqq5qshg3s
MD5

d41eac03cf654c9e4657ad9fdc374fd0
SHA1

83a7997fdbeee20cb9991b0770d55539e04d374a
SHA256

02e383641d1bee1031cb12872c7fa9782b8de3bda07f2cfb1613aa19cadf046e
SHA512

98351697d45eba18bc12111f8c2f299e2d0e612ce85eba844a8392810ea24a4f9348adc5a769076ae604cdcedf7c1c8d13a14250ded528ea8650cc2ca20bd927
SSDEEP

6144:5QaQvgqRJLU/UkEjiPISUOgW9X+hOGzC/NM:5jQ1tkmZzcukG2/

Score

10^/10

berbew backdoor dropper trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

d41eac03cf654c9e4657ad9fdc374fd0_NeikiAnalytics.exe

Resource

win7-20240508-en

backdoor dropper trojan

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

d41eac03cf654c9e4657ad9fdc374fd0_NeikiAnalytics.exe

Resource

win10v2004-20240508-en

backdoor dropper trojan

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  d41eac03cf654c9e4657ad9fdc374fd0_NeikiAnalytics.exe
- Size
  
  448KB
- MD5
  
  d41eac03cf654c9e4657ad9fdc374fd0
- SHA1
  
  83a7997fdbeee20cb9991b0770d55539e04d374a
- SHA256
  
  02e383641d1bee1031cb12872c7fa9782b8de3bda07f2cfb1613aa19cadf046e
- SHA512
  
  98351697d45eba18bc12111f8c2f299e2d0e612ce85eba844a8392810ea24a4f9348adc5a769076ae604cdcedf7c1c8d13a14250ded528ea8650cc2ca20bd927
- SSDEEP
  
  6144:5QaQvgqRJLU/UkEjiPISUOgW9X+hOGzC/NM:5jQ1tkmZzcukG2/
Score

10^/10

backdoor dropper trojan
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordroppertrojan

behavioral2

backdoordroppertrojan

© 2018-2024

Terms | Privacy