berbew | 49df1df51dff6789b86c5803eac732b524ab623525804614382d78e95ed390ae | Triage

Sharing

General

Target

49df1df51dff6789b86c5803eac732b524ab623525804614382d78e95ed390ae.exe
Size

163KB
Sample

250217-jxzywswndp
MD5

3d73f07fd16a0e3635f3e18b756226da
SHA1

aba45f6ecf2c97d69cb4989c0ff9a22f63ee57d3
SHA256

49df1df51dff6789b86c5803eac732b524ab623525804614382d78e95ed390ae
SHA512

333c326e4aff8f7608a5196b4b561a3907e2a082ffee798b0782d245e563f4f52e9fbdcf2bd1fca1236d41846ab5dc352b626368dd5ba7e59aad408b7ef83066
SSDEEP

1536:PhkK2rIVLj2cgHBDCwvWdXT4pEZwlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVUg:l2SLjgHBDB4sOwltOrWKDBr+yJbg

Score

10^/10

berbew bruteratel backdoor discovery persistence

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Targets

- Target
  
  49df1df51dff6789b86c5803eac732b524ab623525804614382d78e95ed390ae.exe
- Size
  
  163KB
- MD5
  
  3d73f07fd16a0e3635f3e18b756226da
- SHA1
  
  aba45f6ecf2c97d69cb4989c0ff9a22f63ee57d3
- SHA256
  
  49df1df51dff6789b86c5803eac732b524ab623525804614382d78e95ed390ae
- SHA512
  
  333c326e4aff8f7608a5196b4b561a3907e2a082ffee798b0782d245e563f4f52e9fbdcf2bd1fca1236d41846ab5dc352b626368dd5ba7e59aad408b7ef83066
- SSDEEP
  
  1536:PhkK2rIVLj2cgHBDCwvWdXT4pEZwlProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVUg:l2SLjgHBDB4sOwltOrWKDBr+yJbg
Score

10^/10

berbew bruteratel backdoor discovery persistence
- Adds autorun key to be loaded by Explorer.exe on startup
  persistence
- Berbew
  Berbew is a backdoor written in C++.
  backdoor berbew
- Berbew family
  berbew
- Brute Ratel C4
  A customized command and control framework for red teaming and adversary simulation.
  backdoor bruteratel
- Bruteratel family
  bruteratel
- Detect BruteRatel badger
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

berbewbruteratelbackdoordiscoverypersistence

behavioral2

berbewbackdoordiscoverypersistence