berbew | 08c6594c4add4fce5d5b203684efee10cbfeea469e0508e58fbb57b464dcd9e7 | Triage

Submit
Reports

Overview

overview

Static

static

notifier.exe

windows7-x64

notifier.exe

windows10-2004-x64

Sharing

General

Target

notifier.exe
Size

13.1MB
Sample

241011-17qawaxbjb
MD5

348141b3b6706f353edd9c5e71a10fbe
SHA1

25970e5a60e2fcd7c02a1b163ed89897cfa44549
SHA256

08c6594c4add4fce5d5b203684efee10cbfeea469e0508e58fbb57b464dcd9e7
SHA512

e86cfed3b032c1a1c4d4376dd0b510ec33d1f300e1e733b691882e58539109715d76e28b91112f46335bb2199a6efdd998ab0f8f0105cd4319f85b2bd160046e
SSDEEP

393216:iGV21SQhZ2YsHFUK2Jn1+TtIiFQS2NXNsIX3WabTToj:dFQZ2YwUlJn1QtIm28Inpzo

Score

10^/10

berbew doomrat antivm apt backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter upx adware backdoor pyinstaller upx

Static task

static1

pyinstaller adware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiter doomrat

4 signatures

Behavioral task

behavioral1

Sample

notifier.exe

Resource

win7-20240903-en

windows7-x64

3 signatures

30 seconds

Behavioral task

behavioral2

Sample

notifier.exe

Resource

win10v2004-20241007-en

berbew backdoor upx

windows10-2004-x64

6 signatures

30 seconds

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

- Target
  
  notifier.exe
- Size
  
  13.1MB
- MD5
  
  348141b3b6706f353edd9c5e71a10fbe
- SHA1
  
  25970e5a60e2fcd7c02a1b163ed89897cfa44549
- SHA256
  
  08c6594c4add4fce5d5b203684efee10cbfeea469e0508e58fbb57b464dcd9e7
- SHA512
  
  e86cfed3b032c1a1c4d4376dd0b510ec33d1f300e1e733b691882e58539109715d76e28b91112f46335bb2199a6efdd998ab0f8f0105cd4319f85b2bd160046e
- SSDEEP
  
  393216:iGV21SQhZ2YsHFUK2Jn1+TtIiFQS2NXNsIX3WabTToj:dFQZ2YwUlJn1QtIm28Inpzo
Score

10^/10

berbew backdoor upx
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Cats the Freakster
  my daddy freakster was mentioned in this file 🥵
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

pyinstalleradware antivm apt upx backdoor banker bootkit botnet clipper collection crypter discovery downloader dropper evasion exploit exploiterdoomrat

behavioral1

behavioral2

berbewbackdoorupx

© 2018-2024

Terms | Privacy