berbew | 581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50 | Triage

Sharing

General

Target

581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50
Size

320KB
MD5

fe15935ca93791249cd1644e61791b1b
SHA1

77df88854dc5dff98dc6f4b5d76dbc065d049211
SHA256

581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50
SHA512

fad19898c26f997119220305d0d6766730f016f0b61b61d0217f85ce396e0106265e7d496310027706411e47e15d20ba710a067cd9486aa20c1d2a8cf8237578
SSDEEP

6144:+PG6kqGPJu6cZLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N4:+NkfJPXYJ07kE0KoFtw2gu9RxrBIUbP+

Score

10^/10

berbew

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Signatures

Berbew family
berbew

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50

Files

581be70e45a40bc9e69ed04aeb98cdfa9f75c791ceb522f6d4e73b1cffc6df50
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 122KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ajelhf
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ