berbew | 76398ba1de08960b2d6fbe1ab9610323_JaffaCakes118[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

76398ba1de08960b2d6fbe1ab9610323_JaffaCakes118.exe
Size

353KB
MD5

76398ba1de08960b2d6fbe1ab9610323
SHA1

ed66207179c6a6daf51637da0c657959e8710d3c
SHA256

21d324cf0702a53551b9979c3b56c441845dcee755307aa2804bd3b4dbc2cddb
SHA512

8f1e775914e90fc9a815694074d03ee5a750f225adb4d384c8600b8db2fe9af749a904aa9c7bbc73e889e543fe66992f64f64e4e863707b68d24f1edbeb84a5f
SSDEEP

6144:jBs273K7LyXLQQIIIhg6XXXDzXXX13s2III/TAXXXmHLIIIhTXXXqhIIIVXXXRRz:jK2CQIII1XXX/XXX62III/UXXXmrIII5

Score

10^/10

backdoor trojan dropper berbew

Malware Config

Signatures

Berbew family
berbew

Malware Dropper & Backdoor - Berbew 1 IoCs

Berbew is a backdoor Trojan malware with capabilities to download and install a range of additional malicious software, such as other Trojans, ransomware, and cryptominers.

backdoor trojan dropper

resource	yara_rule
sample	family_berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76398ba1de08960b2d6fbe1ab9610323_JaffaCakes118.exe

Files

76398ba1de08960b2d6fbe1ab9610323_JaffaCakes118.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.rsrc Size: 20KB - Virtual size: 19KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.tls Size: 8KB - Virtual size: 8KB

.pdata Size: 12KB - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 4KB

.pdata Size: 8KB - Virtual size: 8KB

.text Size: 8KB - Virtual size: 8KB

.text Size: 4KB - Virtual size: 4KB

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 4KB

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 8KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.text Size: 12KB - Virtual size: 12KB

.idata Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.rsrc
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.tls
Size: 8KB - Virtual size: 8KB

.pdata
Size: 12KB - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 4KB

.pdata
Size: 8KB - Virtual size: 8KB

.text
Size: 8KB - Virtual size: 8KB

.text
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.text
Size: 12KB - Virtual size: 12KB

.idata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB