Behavioral task
behavioral1
Sample
5602fa12185b78e9afda0e83f6542fd577d63295e81d6899f8b7e9c88bb75fc1N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5602fa12185b78e9afda0e83f6542fd577d63295e81d6899f8b7e9c88bb75fc1N.exe
Resource
win10v2004-20240802-en
General
-
Target
5602fa12185b78e9afda0e83f6542fd577d63295e81d6899f8b7e9c88bb75fc1N
-
Size
128KB
-
MD5
da84ab798587ce9c17ca1ff7ac499b90
-
SHA1
427b318368298277ab65ec3aab7574425b5a1127
-
SHA256
5602fa12185b78e9afda0e83f6542fd577d63295e81d6899f8b7e9c88bb75fc1
-
SHA512
54f32cda4e78b3f584d21ebc1e94616a2bc6891d4070ba2703e976546e8c8cf9754a5ccaf10efb742827cb7a8901e5465e1144a4e1e4f6e8d1aab527a766b36f
-
SSDEEP
3072:CikNCXcBHn4aTexlj9pui6yYPaI7DehizrVtN:zkwX4HGRpui6yYPaIGc
Malware Config
Extracted
berbew
http://viruslist.com/wcmd.txt
http://viruslist.com/ppslog.php
http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Signatures
-
Berbew family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 5602fa12185b78e9afda0e83f6542fd577d63295e81d6899f8b7e9c88bb75fc1N
Files
-
5602fa12185b78e9afda0e83f6542fd577d63295e81d6899f8b7e9c88bb75fc1N.exe windows:1 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ajelhf Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.idata Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ