berbew | 04cf09d68bbc9b6e66be627b5ee48b550d7ad6421feb37f1218c0806afba0555 | Triage

Submit
Reports

Overview

overview

Static

static

4df0ef6655...cs.exe

windows7-x64

4df0ef6655...cs.exe

windows10-2004-x64

Sharing

General

Target

4df0ef6655cfc3d7696f740439571db0_NeikiAnalytics.exe
Size

768KB
Sample

240605-lb9bjscf67
MD5

4df0ef6655cfc3d7696f740439571db0
SHA1

afd880e380a7a30cac065859aeb6fc5ad857a3dc
SHA256

04cf09d68bbc9b6e66be627b5ee48b550d7ad6421feb37f1218c0806afba0555
SHA512

a9c464f5bf95e71d3b81810a0876b40364807a93918538e86baf1ac0211b721158c6627c8e362512b64fabb91632b6018bda7389d27c17888245de07759c14d4
SSDEEP

24576:qW298E8ufgSRWPod2nRs4AKgzyw0ZN+pUdGOvCJw26cV/JKuylm69T:a98E8u4nAdJ4AKgzyw0ZN+pUdGECJwNZ

Score

10^/10

berbew backdoor dropper trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

4df0ef6655cfc3d7696f740439571db0_NeikiAnalytics.exe

Resource

win7-20240508-en

backdoor dropper trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4df0ef6655cfc3d7696f740439571db0_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

backdoor dropper trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  4df0ef6655cfc3d7696f740439571db0_NeikiAnalytics.exe
- Size
  
  768KB
- MD5
  
  4df0ef6655cfc3d7696f740439571db0
- SHA1
  
  afd880e380a7a30cac065859aeb6fc5ad857a3dc
- SHA256
  
  04cf09d68bbc9b6e66be627b5ee48b550d7ad6421feb37f1218c0806afba0555
- SHA512
  
  a9c464f5bf95e71d3b81810a0876b40364807a93918538e86baf1ac0211b721158c6627c8e362512b64fabb91632b6018bda7389d27c17888245de07759c14d4
- SSDEEP
  
  24576:qW298E8ufgSRWPod2nRs4AKgzyw0ZN+pUdGOvCJw26cV/JKuylm69T:a98E8u4nAdJ4AKgzyw0ZN+pUdGECJwNZ
Score

10^/10

backdoor dropper trojan
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordroppertrojan

behavioral2

backdoordroppertrojan

© 2018-2024

Terms | Privacy