Behavioral task
behavioral1
Sample
6071df3a321420022524cb07893ee1cf.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
6071df3a321420022524cb07893ee1cf.exe
Resource
win10v2004-20231215-en
General
-
Target
6071df3a321420022524cb07893ee1cf.exe
-
Size
1.2MB
-
MD5
6071df3a321420022524cb07893ee1cf
-
SHA1
ce052da87a7c593f96ce29eea821ed29138645f6
-
SHA256
80d2cbf160d6b739052872bd8d549dc709500333728111f99d9b69e876f68b0e
-
SHA512
f0badf794aa465afcce9a6fea9fad1370dc8c0be4f35616f9429530b6a8c7051952158ceb53527784fc112b4f18b143a6807ee039a7f727fca2398172e9d60ba
-
SSDEEP
24576:a5m0BmmvFimm0MTP7hm0BmmvFimm0SGT8P402fo06YE1+91vK3xDWGk4A:kiLiZGT8P4Zfo06h1+91vOaGBA
Malware Config
Signatures
-
Berbew family
-
Malware Dropper & Backdoor - Berbew 1 IoCs
Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.
resource yara_rule sample family_berbew -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6071df3a321420022524cb07893ee1cf.exe
Files
-
6071df3a321420022524cb07893ee1cf.exe.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.flh Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ