Behavioral task
behavioral1
Sample
3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed.exe
Resource
win10v2004-20241007-en
General
-
Target
3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed
-
Size
400KB
-
MD5
647c83e180f307deb227a206dfac2562
-
SHA1
70581ad90f6be18b5f4fd11b65606ed7159034e2
-
SHA256
3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed
-
SHA512
f335056248baec73501a637949a518520f594504239a239b764948ba40135ed4f9acb93ea043dc376eff6c3e034ea3d487495559a3aa00ad53f6615236e26629
-
SSDEEP
12288:7puUcoV3/+zrWAI5KFum/+zrWAIAqWim/k:7xcc3m0BmmvFimc
Malware Config
Extracted
berbew
http://f/wcmd.htm
http://f/ppslog.php
http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Signatures
-
Berbew family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed
Files
-
3a435a972f0d66cbcdc7cbeb282d4f8915144c5bc7bb526d43f29d28ebc454ed.exe windows:1 windows x86 arch:x86
26babd76bbb7f9c516a338b0601b4c9f
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wsock32
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ioctlsocket
listen
recv
select
send
socket
ole32
CoCreateInstance
CLSIDFromString
CoTaskMemFree
CoInitialize
CoUninitialize
oleaut32
SysAllocString
wininet
DeleteUrlCacheEntry
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
kernel32
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileSize
GetFileTime
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
CloseHandle
GetProcAddress
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GetWindowsDirectoryA
GlobalMemoryStatus
CopyFileA
InterlockedIncrement
IsBadReadPtr
IsBadWritePtr
LoadLibraryA
CreateDirectoryA
LocalAlloc
LocalFree
OpenFile
OpenMutexA
OpenProcess
PeekNamedPipe
CreateFileA
ReadFile
RemoveDirectoryA
RtlUnwind
SetFileAttributesA
SetFilePointer
CreateMutexA
Sleep
TerminateProcess
TerminateThread
CreatePipe
VirtualQuery
CreateProcessA
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
lstrlenA
lstrlenW
CreateThread
DeleteFileA
user32
GetWindowTextA
GetWindowRect
FindWindowA
GetWindow
IsWindowVisible
GetClassNameA
GetForegroundWindow
LoadCursorA
SetTimer
KillTimer
RegisterClassA
GetMessageA
CreateDesktopA
SetThreadDesktop
GetThreadDesktop
TranslateMessage
DispatchMessageA
SendMessageA
CharUpperBuffA
OemToCharA
PostQuitMessage
ShowWindow
CreateWindowExA
DestroyWindow
DefWindowProcA
gdi32
GetStockObject
DeleteObject
advapi32
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetSecurityInfo
SetSecurityInfo
SetEntriesInAclA
crtdll
_itoa
__GetMainArgs
_sleep
_strcmpi
_stricmp
atoi
exit
memcpy
memset
raise
rand
signal
sprintf
srand
sscanf
strcat
strchr
strncmp
Sections
.text Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 122KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.flh Size: 512B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ