berbew | 5c4e60801dd978710cdce9a43bcd6e14e3fa8e6790dc981b4ad25307628b41a0 | Triage

Submit
Reports

Overview

overview

Static

static

3

DoomRat.exe

windows11-21h2-x64

Resubmissions

27-09-2024 14:17

240927-rlvh2awfjk 10

27-09-2024 12:01

240927-n63hlatfpb 10

Sharing

General

Target

DoomRat.exe
Size

13.1MB
Sample

240927-rlvh2awfjk
MD5

567b550c62dc82e09dd15b9c32e0c72e
SHA1

3397499e49714d4bd4fbb49525cf3df06ec7d5eb
SHA256

5c4e60801dd978710cdce9a43bcd6e14e3fa8e6790dc981b4ad25307628b41a0
SHA512

5156d85a00591caa08df22f5536fc4b43099774a1d05386f4890561eaf388dedc5685c6cbe5d461da3c7fb2a7fa630291bdbb0bc56fb765cc89d1c2adfafcb35
SSDEEP

393216:bGV21SQhZ2YsHFUK2Jn1+TtIiFQS2NXNsIX3WabTToj:uFQZ2YwUlJn1QtIm28Inpzo

Score

10^/10

berbew blackmoon cobaltstrike modiloader backdoor banker pyinstaller trojan upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

DoomRat.exe

Resource

win11-20240802-en

berbew blackmoon cobaltstrike modiloader backdoor banker trojan upx

windows11-21h2-x64

10 signatures

300 seconds

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Extracted

Family

cobaltstrike

C2

http://89.197.154.115:7700/E5nu

Attributes

user_agent
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0; ASU2JS)

Targets

- Target
  
  DoomRat.exe
- Size
  
  13.1MB
- MD5
  
  567b550c62dc82e09dd15b9c32e0c72e
- SHA1
  
  3397499e49714d4bd4fbb49525cf3df06ec7d5eb
- SHA256
  
  5c4e60801dd978710cdce9a43bcd6e14e3fa8e6790dc981b4ad25307628b41a0
- SHA512
  
  5156d85a00591caa08df22f5536fc4b43099774a1d05386f4890561eaf388dedc5685c6cbe5d461da3c7fb2a7fa630291bdbb0bc56fb765cc89d1c2adfafcb35
- SSDEEP
  
  393216:bGV21SQhZ2YsHFUK2Jn1+TtIiFQS2NXNsIX3WabTToj:uFQZ2YwUlJn1QtIm28Inpzo
Score

10^/10

berbew blackmoon cobaltstrike modiloader backdoor banker trojan upx
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Cobaltstrike
  Detected malicious payload which is part of Cobaltstrike.
  trojan backdoor cobaltstrike
- Detect Blackmoon payload
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader Second Stage
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

berbewblackmooncobaltstrikemodiloaderbackdoorbankertrojanupx

© 2018-2024

Terms | Privacy