Behavioral task
behavioral1
Sample
b5244ef62168cd38ced8642cbcaff310_NeikiAnalytics.exe
Resource
win7-20240508-en
General
-
Target
b5244ef62168cd38ced8642cbcaff310_NeikiAnalytics.exe
-
Size
712KB
-
MD5
b5244ef62168cd38ced8642cbcaff310
-
SHA1
af7d393e5c20e118061199e62d3b722fdc8d7248
-
SHA256
f5d5f76dcbf0ba9e3e9b8bc383684b1f54868d5ef9047ad647bba0ae53aec584
-
SHA512
ee6c8f2c1ab2c81878c29c66e088eae1a831ff98f3161af824b12f021da7148de1d3dc6d33f6247d55a18fe4f013fd10e843b20c1677180de09e4a8db58f02a6
-
SSDEEP
12288:FU5rCOTeiDaCygJ9xTqlt5XCsq0Ycb0bC3NZdCvq5TJLCvY90D8/LVBlVk736Y7k:FUQOJDaCyg3x+x5rY60O3NnCvq5TJLC0
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
Processes:
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource b5244ef62168cd38ced8642cbcaff310_NeikiAnalytics.exe
Files
-
b5244ef62168cd38ced8642cbcaff310_NeikiAnalytics.exe.exe windows:5 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 137KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 262KB - Virtual size: 283KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 50KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ