General

  • Target

    TrojanDownloader.Win32.Berbew.pz-b6bee6007806d3a8687396bcad366205d654364df4ea67f7fab69993661acc0cN

  • Size

    63KB

  • Sample

    240916-tb4easwenq

  • MD5

    dfe5449ce12f8baf8c2023de1b2a1660

  • SHA1

    de507d63a6b220103424319ee332666fe9843697

  • SHA256

    b6bee6007806d3a8687396bcad366205d654364df4ea67f7fab69993661acc0c

  • SHA512

    acb0c4fee9fa6fdc8782c68f3779f2d52a3ba81d6d93e359c900a81e731ebfdde2738fd7cde706b308dfbc5c2d8b77c36dde0483f7d45a26ebc43564289d691b

  • SSDEEP

    768:z+n54+dV9FWHyjwBKfbYAhR/1H5oVEfemrUTvn93b7NRDMFME3eUgU:I5nBMH2wBKfUAhL+VSEn9rjDHE

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks