General

  • Target: TrojanDownloader.Win32.Berbew.pz-ed1c291078ff57cce04f1f0b8e73b66985c653d7d8c2eedfc8f79bbd108cf18aN
  • Size: 63KB
  • Sample: 240916-tn221axapb
  • MD5: 344737c9ca9d20a2ba38d938b95f7f60
  • SHA1: 3c875b36a8505bfbc380436b830bf1636b71c3ba
  • SHA256: ed1c291078ff57cce04f1f0b8e73b66985c653d7d8c2eedfc8f79bbd108cf18a
  • SHA512: e34ca4906e6bc2feaf8feee67400349fa0e040fcab287027902d5e524c1987454be5aac06be05e2ad0d8d3cb2056cde49b44ce288b6e8a2496059d37520333b1
  • SSDEEP: 1536:SbFmVrPAU2LvDOGFDXZejV2+V9En9rjDHE:SbF+PA1Lv9FDsp2o9k9DHE

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks