berbew | 7531ffdda44edfe9f275b9606fcaa0789a3c12b99cbb1f05987897561cfb8c0a | Triage

Sharing

General

Target

250112-s3lswsxrgt_pw_infected.zip
Size

52KB
Sample

250112-s6sqls1lcp
MD5

dc3155cae614dfa08a42bf6d5b53be0a
SHA1

221a18a889a5725e2d86370dbd1f4d7bf72d2692
SHA256

7531ffdda44edfe9f275b9606fcaa0789a3c12b99cbb1f05987897561cfb8c0a
SHA512

9616a2a4ad41194b705fd64610c56fb8c4a7015630d602200a0f6450a65bd13b744f3bd32a6970597bf72783ec4c3f40a7b865370f7b704a5c551cf80a44fe77
SSDEEP

768:weKc5dcQ+Q/WEt3JUSfry4SrdqyEiWWV4P6o4TKDxts0aTN9U760anYlIikqzw:wqnYQ+USSm4SxqrWqio4TKDxKc76znC8

Score

10^/10

berbew bruteratel backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Targets

- Target
  
  250112-s3lswsxrgt_pw_infected.zip
- Size
  
  52KB
- MD5
  
  dc3155cae614dfa08a42bf6d5b53be0a
- SHA1
  
  221a18a889a5725e2d86370dbd1f4d7bf72d2692
- SHA256
  
  7531ffdda44edfe9f275b9606fcaa0789a3c12b99cbb1f05987897561cfb8c0a
- SHA512
  
  9616a2a4ad41194b705fd64610c56fb8c4a7015630d602200a0f6450a65bd13b744f3bd32a6970597bf72783ec4c3f40a7b865370f7b704a5c551cf80a44fe77
- SSDEEP
  
  768:weKc5dcQ+Q/WEt3JUSfry4SrdqyEiWWV4P6o4TKDxts0aTN9U760anYlIikqzw:wqnYQ+USSm4SxqrWqio4TKDxKc76znC8
Score

10^/10

berbew bruteratel backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Bruteratel family
  bruteratel
- Detect BruteRatel badger
- Executes dropped EXE
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbruteratelbackdoordiscoverypersistence