General

  • Target

    Backdoor.Win32.Berbew.pzdeb81dff646ac724735acb7f1f496f52c9c646d87db81208355225895e32dc72N

  • Size

    91KB

  • Sample

    240916-tcxcdawfjk

  • MD5

    a588baee7fbb2652adabc9c8f89d0a60

  • SHA1

    584af0e20907b8a089ada4b988af1d6d1fa5e622

  • SHA256

    deb81dff646ac724735acb7f1f496f52c9c646d87db81208355225895e32dc72

  • SHA512

    d9902153113226061b24046319469fadc6cc6a60eebfb84a5599f556b27306fb9c064bdaadd32223b26645c4821855a4d1c17af7b312b5c218763d171d44b566

  • SSDEEP

    1536:LLI5OWtr1DFvYpbn9rm3Ijg2dG+eo1xC0GZFXUmSC2e3l:R6r1DFIOCg24ho1mtye3l

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks