berbew | 4d1d6f2389185c5bd853b15638c0d991c50bdb003aa761e6bd7533af6f35b494 | Triage

Sharing

General

Target

4d1d6f2389185c5bd853b15638c0d991c50bdb003aa761e6bd7533af6f35b494N.exe
Size

64KB
Sample

241222-kee2fa1lcy
MD5

a0824fa6e8b2919b8e1a67b75f6ac8a0
SHA1

201d23a53c2ef1f1d5a26235540fc2472ca4080a
SHA256

4d1d6f2389185c5bd853b15638c0d991c50bdb003aa761e6bd7533af6f35b494
SHA512

4a0ea412895161b62da555753f4fe26d8a91d7ee35adb2287390c116bec89d8902ad1eee42f8c78c30df2db9907fa8e78e9bbb3980f1ac7cb283d84681fa6d6c
SSDEEP

768:M8s2O3YdJPYKAMJUdf6Iz1nV0/9SDmzVvO1aCEYwya/1H5iXdnhgOPuM1DPY:js2O3GJgKti9h2QmU1YYE6ZuYDPY

Score

10^/10

berbew backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Targets

- Target
  
  4d1d6f2389185c5bd853b15638c0d991c50bdb003aa761e6bd7533af6f35b494N.exe
- Size
  
  64KB
- MD5
  
  a0824fa6e8b2919b8e1a67b75f6ac8a0
- SHA1
  
  201d23a53c2ef1f1d5a26235540fc2472ca4080a
- SHA256
  
  4d1d6f2389185c5bd853b15638c0d991c50bdb003aa761e6bd7533af6f35b494
- SHA512
  
  4a0ea412895161b62da555753f4fe26d8a91d7ee35adb2287390c116bec89d8902ad1eee42f8c78c30df2db9907fa8e78e9bbb3980f1ac7cb283d84681fa6d6c
- SSDEEP
  
  768:M8s2O3YdJPYKAMJUdf6Iz1nV0/9SDmzVvO1aCEYwya/1H5iXdnhgOPuM1DPY:js2O3GJgKti9h2QmU1YYE6ZuYDPY
Score

10^/10

berbew backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewbackdoordiscoverypersistence