General

  • Target: Backdoor.Win32.Berbew-e129a563de6e1cdf4534bf798b0639819cea28aa20e9c063dfa39dbd697c299fN
  • Size: 49KB
  • Sample: 240916-tc2xvswdnb
  • MD5: 0b9f8181609cb4a74b47347175cdb7f0
  • SHA1: e297303cc644bd56a62fa395168d4008ae7690ba
  • SHA256: e129a563de6e1cdf4534bf798b0639819cea28aa20e9c063dfa39dbd697c299f
  • SHA512: 5c2a0163ee467112c19fe9798a8d472bcb9d7a8fead4fc3e1d633f709a79e50d95e4be444bbe300ad30be6c211b55bec554c5e9bee69faedb2d59252d8a6f9f2
  • SSDEEP: 768:EqeibVwwNrCOEnxpxd4xMXLoBFb2w/g6gBO0hS/1H50Ll2Xdnh7:Eqe8FcPxd4KXwgBO02Vl

Malware Config

Extracted

  • Family: berbew
  • C2:
      • http://tat-neftbank.ru/kkq.php
      • http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks