berbew | 26e9ef71a0e2fc0deaab02c7fd6ad3c97e0a094fd7212dcd6906ee76f8cd9526N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

26e9ef71a0e2fc0deaab02c7fd6ad3c97e0a094fd7212dcd6906ee76f8cd9526N
Size

128KB
MD5

1bc2840294cd13e8bba973336e4cf510
SHA1

77b18b5879d03650880c3b88d10a1729cf246838
SHA256

26e9ef71a0e2fc0deaab02c7fd6ad3c97e0a094fd7212dcd6906ee76f8cd9526
SHA512

577b2c0df02b68c9aa59edbb2f3d343b9e0370a2d934b14e9278f132c85ce35ed4b3fcdf7ae7f56c509cc8f5ecd93e42998de19f17130fa34abb5585f433f410
SSDEEP

3072:uuPTZjVelWNvlukWe1Sle3lj9pui6yYPaI7DehizrVtN:uaZheqvlukxnpui6yYPaIGc

Score

10^/10

berbew

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26e9ef71a0e2fc0deaab02c7fd6ad3c97e0a094fd7212dcd6906ee76f8cd9526N

Files

26e9ef71a0e2fc0deaab02c7fd6ad3c97e0a094fd7212dcd6906ee76f8cd9526N
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ