General

  • Target

    TrojanDownloader.Win32.Berbew.pz-641cf848e8ac1634df8d8f6d14caa9302172abd26a8463512c32021185101288N

  • Size

    55KB

  • Sample

    240916-s9jxwawckc

  • MD5

    3e46948b77df2632605ae081cb670e50

  • SHA1

    b7513db5f198b8f9fa2a2e87f5a182cf2c95d11d

  • SHA256

    641cf848e8ac1634df8d8f6d14caa9302172abd26a8463512c32021185101288

  • SHA512

    6c182e6aff29be20a5f0676cf97a81e2da8a81cbae469a06a1e395772f16f930b3dacbb4200d55ce9ffc3ad542c7785ffdb86840add089dbc007d2a92586c243

  • SSDEEP

    768:3SuNymzHVYOCDE6MJXzxeWcXnsHrLZ+MkhAXv6vQhOt/1H5zUNSoNSd0A3shxDfC:Cu7CzWrrLNRCmOnlUNSoNSd0A3shxD6

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      TrojanDownloader.Win32.Berbew.pz-641cf848e8ac1634df8d8f6d14caa9302172abd26a8463512c32021185101288N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
