Analysis
-
max time kernel
117s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
07-12-2024 19:17
General
-
Target
6fbc09d09c2290b681d47b26da4f2dfb8649ee4e424af854ce516eb20939c6f5N.exe
-
Size
472KB
-
MD5
fdb3bd53db5da8dbde523bce6d2cd740
-
SHA1
984c2431d4898ea8a644ac846e22da16c0215b03
-
SHA256
6fbc09d09c2290b681d47b26da4f2dfb8649ee4e424af854ce516eb20939c6f5
-
SHA512
f194ce776a71ac0534f4dcfe5c7428549f3dc293c9b492ddaf0ded88299c8596743518fd6d2bd0f15dd9d562b6370fbe0868050252abc8cffae5af206a001cbb
-
SSDEEP
3072:68RinudiP52xx67lLdyiHDoCzevDH6CevZ4EOssM:3kgiPA6RgPAMDH6/Z4Er
Score
10/10
Malware Config
Signatures
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6fbc09d09c2290b681d47b26da4f2dfb8649ee4e424af854ce516eb20939c6f5N.exe"C:\Users\Admin\AppData\Local\Temp\6fbc09d09c2290b681d47b26da4f2dfb8649ee4e424af854ce516eb20939c6f5N.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 362⤵
- Program crash
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
472KB