not_berm | seraaa369[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

seraaa369.exe
Size

343KB
MD5

d1e4fbce267d2f68ebb8ba2cc3f1e670
SHA1

c5a850c129cd5f5f881b5716028ff1b99e5b6388
SHA256

82462ee2fb0ae11dc2f7658c57f61c4218af321bdc73903601613869e9a47f60
SHA512

8b170591c3d90b8f570669843c7993fa3d002439fb3b2114a1924cfbb205b60d9505ca1eb9032485613b6c5a3e40c2bfd510ec2c79c132716431c6a20b4375e5
SSDEEP

6144:5A2mEtcdtUfiyhyBhMr3LEugPllBKV0v2DKwXehxKQScbMyEKLbiNiyf+oZM6KpB:5A2gdtUfiyh8hSLEugPlXdvdxKrZK/iY

Score

10^/10

taggie_berm_you_are_it not_berm

Malware Config

Signatures

Not_berm family
not_berm

match_everything 1 IoCs

This rule matches all.

taggie_berm_you_are_it

resource	yara_rule
sample	match_everything

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
seraaa369.exe

Files

seraaa369.exe
.exe windows:4 windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ