General

  • Target

    TrojanDownloader.Win32.Berbew.pz-123450740edede6785f6431914e008104895b9e31da491d54849f553417b70c6N

  • Size

    64KB

  • Sample

    240916-tc4rfswdne

  • MD5

    f8fe5dc9b93ceb8b491a79f245db9b00

  • SHA1

    5217fbefb8c698d2e295d70168721ff4f7c3b420

  • SHA256

    123450740edede6785f6431914e008104895b9e31da491d54849f553417b70c6

  • SHA512

    a9989d2bc910d23420ca4d9ea4c065b56c9c3765e428c0d59da2df4da9fd31785234fd451894188f72673647c12ef79f9f2172766895fdfaac36f1a0f5452ccd

  • SSDEEP

    1536:iGw3cKHGwTqMp0PXJBGLLooowyQPXUwXfzwv:izFTw6LLooowlLPzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
