General

  • Target

    TrojanDownloader.Win32.Berbew.pz-20b8d769aeb0b7521617ffecafefce82f408b9d974f41233c0bad478c7ac3a7bN

  • Size

    64KB

  • Sample

    240916-tc6aaawdng

  • MD5

    f680c7f266806cd90a6df8aebb259a10

  • SHA1

    4de3c776f85118939b2dc2f82ba3c4a275fdb117

  • SHA256

    20b8d769aeb0b7521617ffecafefce82f408b9d974f41233c0bad478c7ac3a7b

  • SHA512

    6d9c9856a4b12dc5b19d9f38b1f76a9e5fe455059162d20f8ee24ef8feb2bd9be0b49dadec8173e4abf47df23bf962fb024b168aabc27ecb0003f8147c3aa241

  • SSDEEP

    768:C9zBnjf3f5QeUwNG6KqQBnvll2BSyMQ2LpmD3F++PDVWuMJiNET/1H5E6XJ1IwEv:cpf3fjUwNOqonv8ua17rMhFvXUwXfzwv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      TrojanDownloader.Win32.Berbew.pz-20b8d769aeb0b7521617ffecafefce82f408b9d974f41233c0bad478c7ac3a7bN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
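
The extracted config and the behavioural signatures above are only useful once they are turned into checks. The script below is an added example, not part of the Triage report or of the Berbew sample: it carries the report's hashes and the two C2 URLs as indicators, hashes a file against them, matches the C2 host and paths against constructed proxy-log lines, and flags registry writes to the key assumed to be behind the "autorun key loaded by Explorer.exe" signature. The proxy-log and registry-event lines are constructed for the example; the registry key name (ShellServiceObjectDelayLoad) is an assumption about what that signature detects, not something the report states.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report: digests of the sample and the extracted C2 URLs.
SAMPLE_HASHES = {
    "md5": "f680c7f266806cd90a6df8aebb259a10",
    "sha1": "4de3c776f85118939b2dc2f82ba3c4a275fdb117",
    "sha256": "20b8d769aeb0b7521617ffecafefce82f408b9d974f41233c0bad478c7ac3a7b",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}
C2_PATHS = {urlsplit(u).path for u in C2_URLS}

# Assumption (not stated in the report): the "autorun key loaded by Explorer.exe"
# signature refers to ShellServiceObjectDelayLoad, which Explorer reads at logon.
# Treat this as a hypothesis to confirm against the sandbox's registry trace.
SUSPECT_KEY_RE = re.compile(r"ShellServiceObjectDelayLoad", re.IGNORECASE)


def file_hash_matches(data: bytes, expected: dict = SAMPLE_HASHES) -> dict:
    """Return the subset of {md5, sha1, sha256} whose digest of `data` equals `expected`."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {k: v for k, v in digests.items() if expected.get(k) == v}


# Constructed proxy-log lines (not from the report): "client host path status".
PROXY_LOG = """\
10.0.0.12 www.example.com /index.html 200
10.0.0.31 tat-neftbank.ru /kkq.php 200
10.0.0.31 tat-neftbank.ru /wcmd.htm 404
10.0.0.44 tat-neftbank.ru.evil.test /kkq.php 200
10.0.0.31 update.example.com /kkq.php 200
"""


def c2_hits(log_text: str) -> list:
    """Return (client, host, path, known_path) for requests to a known C2 host.

    The host comparison is exact, so 'tat-neftbank.ru.evil.test' is not a hit and a
    '/kkq.php' path on an unrelated host is not a hit either. known_path tells you
    whether the request used one of the two extracted URLs or a new path on the C2.
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        client, host, path, _status = parts
        if host.lower() in C2_HOSTS:
            hits.append((client, host, path, path in C2_PATHS))
    return hits


# Constructed registry-event lines (not from the report): "op key valuename".
REG_EVENTS = """\
SetValue HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run Updater
SetValue HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad SomeValue
QueryValue HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer Shell
"""


def explorer_autorun_writes(events: str) -> list:
    """Return the registry write events that touch the suspected Explorer-loaded autorun key."""
    out = []
    for line in events.splitlines():
        op, _, rest = line.partition(" ")
        if op == "SetValue" and SUSPECT_KEY_RE.search(rest):
            out.append(rest)
    return out


if __name__ == "__main__":
    print("hash matches:", file_hash_matches(b"not the sample"))
    print("C2 hits:", c2_hits(PROXY_LOG))
    print("Explorer autorun writes:", explorer_autorun_writes(REG_EVENTS))
```

Matching on the host rather than the full URL is deliberate: a Berbew C2 that rotates its script names will still be caught, and the `known_path` flag separates the two paths the report extracted from anything new worth pulling into the config for the next run.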
