berbew | b196de6dab79cd8444462bd8f6fa175a925248939ef3c2e03863c43709bb0934N | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b196de6dab79cd8444462bd8f6fa175a925248939ef3c2e03863c43709bb0934N
Size

128KB
MD5

f3841b426fd979b4aa05e38a106828f0
SHA1

e6a967e5aa421bde1cbc6b4d8526a6de4d86899b
SHA256

b196de6dab79cd8444462bd8f6fa175a925248939ef3c2e03863c43709bb0934
SHA512

52246132874c4b576e7e782835f2350a6f40f2466f2fba0c0ffece22c0b069acfdad73e0cdff29a04709b61f061808d4d344eb5cf958ee35a313872ea0eb5d40
SSDEEP

3072:9w/T+JpKtJaIos7pdw9e5VqLAYC+O+hd07oFli0KPA9fc3EMUtwn20I:9ST+JpKtJaZsdHmLAYCtE07kli0KoCYd

Score

10^/10

berbew

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b196de6dab79cd8444462bd8f6fa175a925248939ef3c2e03863c43709bb0934N

Files

b196de6dab79cd8444462bd8f6fa175a925248939ef3c2e03863c43709bb0934N
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ