berbew | fe0d7947d63d183f3a258806fef9a8e9540fc00b6d69f5c39d8995c8d5729e91 | Triage

Submit
Reports

Overview

overview

Static

static

4a7de389c2...cs.exe

windows7-x64

4a7de389c2...cs.exe

windows10-2004-x64

Sharing

General

Target

4a7de389c2f9e29ab77903df3a01ca00_NeikiAnalytics.exe
Size

991KB
Sample

240605-jyxvxsad4w
MD5

4a7de389c2f9e29ab77903df3a01ca00
SHA1

b0d93b3fdcff0c84ebf1703d57612bba5fc610e8
SHA256

fe0d7947d63d183f3a258806fef9a8e9540fc00b6d69f5c39d8995c8d5729e91
SHA512

9e753daf609d423dfc79ffb64cb1f13bff457b894526418ab5fe4243e5279effbde5fb11cd86a579518d53ba9e3456bbb8dc07f8689b45fd6ca379e032c1120e
SSDEEP

24576:rCWdZ7mzEyqAWVk4+5Rphmct+OlISoNa/ZSMQugi8ndZ5G:rC+tmYO+k4K/tIioNg1Qugi8ndZ5G

Score

10^/10

berbew backdoor dropper trojan

Static task

static1

backdoor trojan dropper berbew

3 signatures

Behavioral task

behavioral1

Sample

4a7de389c2f9e29ab77903df3a01ca00_NeikiAnalytics.exe

Resource

win7-20231129-en

backdoor dropper trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a7de389c2f9e29ab77903df3a01ca00_NeikiAnalytics.exe

Resource

win10v2004-20240426-en

backdoor dropper trojan

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  4a7de389c2f9e29ab77903df3a01ca00_NeikiAnalytics.exe
- Size
  
  991KB
- MD5
  
  4a7de389c2f9e29ab77903df3a01ca00
- SHA1
  
  b0d93b3fdcff0c84ebf1703d57612bba5fc610e8
- SHA256
  
  fe0d7947d63d183f3a258806fef9a8e9540fc00b6d69f5c39d8995c8d5729e91
- SHA512
  
  9e753daf609d423dfc79ffb64cb1f13bff457b894526418ab5fe4243e5279effbde5fb11cd86a579518d53ba9e3456bbb8dc07f8689b45fd6ca379e032c1120e
- SSDEEP
  
  24576:rCWdZ7mzEyqAWVk4+5Rphmct+OlISoNa/ZSMQugi8ndZ5G:rC+tmYO+k4K/tIioNg1Qugi8ndZ5G
Score

10^/10

backdoor dropper trojan
- Malware Dropper & Backdoor - Berbew
  Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
  backdoor trojan dropper
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

backdoortrojandropperberbew

behavioral1

backdoordroppertrojan

behavioral2

backdoordroppertrojan

© 2018-2024

Terms | Privacy