General
-
Target
5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9N
-
Size
299KB
-
Sample
241110-mqjvwavhke
-
MD5
a8d3526ef807a8218a910a1ae34a0a00
-
SHA1
64b9e4f4d7475c8bca53ed650517221fe3f0fca2
-
SHA256
5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9
-
SHA512
c26c54102d50f8876f72e12a3c3afe6daa16731c20f92c81482789a7f1a1d665a1f9887aecb36db47ec7e2ef3d6e02bcd4eb8f8fd374613325e4eb7983e47a0c
-
SSDEEP
3072:MRZlU5FM0pGlJ/gMfSfZFweJUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2ov:MRZ20gMfgOEdGTBki5CYtI8TAokZ2EA
Static task
static1
Behavioral task
behavioral1
Sample
5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9N.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5a983cabb08dd7d5b78943bbc81b7a1fe5d94cdb4e3a6379d35322d631a0e1e9N.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
berbew
http://viruslist.com/wcmd.txt
http://viruslist.com/ppslog.php
http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Targets
Score
10/10
-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-