berbew | 628df64a8e600ecbc5c5116f88e78041a0003d492b41195c3a7f6aea0f3ad61fN | Triage

Sharing

Copy URL Twitter E-mail

General

Target

628df64a8e600ecbc5c5116f88e78041a0003d492b41195c3a7f6aea0f3ad61fN
Size

208KB
MD5

d501c6a66547fb1a936dd6264bddf9d0
SHA1

3a2cb964081c6d01507734d655bcbaf6123afbbc
SHA256

628df64a8e600ecbc5c5116f88e78041a0003d492b41195c3a7f6aea0f3ad61f
SHA512

fe27b0f8dcb983a70d6d02fd59fa42467edf7d084e3ce94cf0c60f222839c1eaaeb9df9df2dbe519e5168ca03feb295e5f01b91366d923b3a3fff7df1cfeae66
SSDEEP

6144:qkf+UJc70DX4EYtCwGtMtkiXOoloMr1JeSldqP7+x55KmC:JfrJAChtMtkM71r1MSXqPix55Kx

Score

10^/10

berbew

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
628df64a8e600ecbc5c5116f88e78041a0003d492b41195c3a7f6aea0f3ad61fN

Files

628df64a8e600ecbc5c5116f88e78041a0003d492b41195c3a7f6aea0f3ad61fN
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ