MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1dc258f62a426770b8256d9310eb1ab60004ec0bb21ca782374131787aad8021. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	1dc258f62a426770b8256d9310eb1ab60004ec0bb21ca782374131787aad8021
SHA3-384 hash:	c23b53c29f80ab3e2be32fa2fd60216604e39799f7d05709303ffc50ce23892ca7ded9f0016922297a73cecc251c2d0e
SHA1 hash:	c8332460139dbc743b4889685c91dbaf231e8a86
MD5 hash:	3a2d273a0d6911a4a6c0e83b644cc341
humanhash:	autumn-don-item-floor
File name:	1dc258f62a426770b8256d9310eb1ab60004ec0bb21ca782374131787aad8021
Download:	download sample
File size:	261'120 bytes
First seen:	2020-06-03 09:22:54 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	a64e048b98d051ae6e6b6334f77c95d3 (7 x Berbew)
ssdeep	3072:skjGNyU7hA3GRudzVG6QNx5Rf1FsXaFDKdhk3pIXW8TprCAm1mTDKaFDKdhk3pIX:/ZU7hsGWzVENLFsXaeXW8laeKaeX
Threatray	183 similar samples on MalwareBazaar
TLSH	BD44585EA4AD7993FCB30633275E432CBD4BDC680FB682982541A534BBCD1CE5DE6281
Reporter	raashidbhatt
Tags:	exe

Intelligence

File Origin

# of uploads :

1

# of downloads :

64

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Trojan.Crypted-31

Win.Trojan.Crypted-29

Win.Trojan.Obfus-38

Win.Malware.Qukart-6838239-0

Gathering data

Threat name:

Win32.Trojan.Berbew

Status:

Malicious

First seen:

2020-06-03 11:08:50 UTC

AV detection:

31 of 31 (100.00%)

Threat level:

5/5

Verdict:

unknown

Similar samples:

2c7e90fc280cd1b4c9e3cde8139d79b23e525e48012b562892e7ed6b011dabef

40c3260b3f5608fba98d2791939a279c0f1b0cb01b90740f68c9461202157ec4

451c83459306c6bd2b2f061f254a19a0ad87a9c120f4c75ba4b02b5b45b6f4ba

4ecfa9c9251d5f053bca1c78b0e43563771188a1d523f6ba0564898538c4b434

6c8a9fdb82fa1dbf236f26e846d31827ff97e936febc37526d255a4bf397f3ae

8764c6051832730c76fb0e17a0565c7c9daacc87f0020f995c83b7e0dd63b4e3

984105c172a024a38e8de590e228a3064d93b6d0b44d54b2b2cb160322f26db4

cde8366dcb7f3a05b1ed90853cfe95ce2f52e29cdf442182eeafb9862e293360

d5891d6b6008123f28484d372b6d0fbe9680818fcc3e961b01c50a7806535bdb

f3bf81fdb47c25c5f9b44c8b3e96c191e53766bd9d536ec878574526ef824114

+ 173 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

10/10

Tags:

persistence

Link:

https://tria.ge/reports/201109-v1l18t59g6/

Behaviour

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Program crash

Drops file in System32 directory

Loads dropped DLL

Executes dropped EXE

Adds autorun key to be loaded by Explorer.exe on startup

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample