General

  • Target

    TrojanDownloader.Win32.Berbew.pz-36dbb9bbe0e25c6dbfe1b99ad80e324580fa0d209896b7f93f88533528822618N

  • Size

    67KB

  • Sample

    240916-tc988swfjp

  • MD5

    2cf01acf68bf255cf4295ed1f43f6510

  • SHA1

    a2d126ad94b2a7eea8f7a4f908f846896816d8fa

  • SHA256

    36dbb9bbe0e25c6dbfe1b99ad80e324580fa0d209896b7f93f88533528822618

  • SHA512

    0745cd3e295e60e3db96c9a634c785465e7a8c24c791d195eb329131d64589bfbf651761d3ede1572bfe5fa38f08054b90b1acf0d1bc221b1d613fd85107ea81

  • SSDEEP

    1536:t9AC2iCNn8HDv0cnkSikPkYWU9J1UjRvsJifTduD4oTxw:t9u58HYOkGMYWa1UjRvsJibdMTxw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      TrojanDownloader.Win32.Berbew.pz-36dbb9bbe0e25c6dbfe1b99ad80e324580fa0d209896b7f93f88533528822618N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
