berbew | 0a11ea94868a8a73ebb13e21b4ee75e172c8e903beeeddb8bd7a40a313b31bcc | Triage

Sharing

General

Target

0a11ea94868a8a73ebb13e21b4ee75e172c8e903beeeddb8bd7a40a313b31bccN.exe
Size

96KB
Sample

250208-m723sasnep
MD5

c932ef36284081d566ba541208cd0ee0
SHA1

aa94980740d0cc7c30ae2ac4f42826fc5371f5a7
SHA256

0a11ea94868a8a73ebb13e21b4ee75e172c8e903beeeddb8bd7a40a313b31bcc
SHA512

651562bbb3fd311f894e7b67cddd1201605a4fa1ff7c08b81a86743af35d93143a9da3a18083431096c08cf3dffa8f9b944f02db3b7451484f7fd762bbfaefb6
SSDEEP

1536:3L4a7Ld5jHI/l+urgG92Lk7RZObZUUWaegPYAG:3nfHIKJkClUUWaed

Score

10^/10

berbew bruteratel backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Targets

- Target
  
  0a11ea94868a8a73ebb13e21b4ee75e172c8e903beeeddb8bd7a40a313b31bccN.exe
- Size
  
  96KB
- MD5
  
  c932ef36284081d566ba541208cd0ee0
- SHA1
  
  aa94980740d0cc7c30ae2ac4f42826fc5371f5a7
- SHA256
  
  0a11ea94868a8a73ebb13e21b4ee75e172c8e903beeeddb8bd7a40a313b31bcc
- SHA512
  
  651562bbb3fd311f894e7b67cddd1201605a4fa1ff7c08b81a86743af35d93143a9da3a18083431096c08cf3dffa8f9b944f02db3b7451484f7fd762bbfaefb6
- SSDEEP
  
  1536:3L4a7Ld5jHI/l+urgG92Lk7RZObZUUWaegPYAG:3nfHIKJkClUUWaed
Score

10^/10

berbew backdoor discovery persistence bruteratel
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Bruteratel family
  bruteratel
- Detect BruteRatel badger
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbackdoordiscoverypersistence

behavioral2

berbewbruteratelbackdoordiscoverypersistence