General

  • Target

    TrojanDownloader.Win32.Berbew.pz-31005e4eeda92594f2842179977d6c7461e79dd0541afe529afddbad429ab00cN

  • Size

    67KB

  • Sample

    240916-tngq3axalf

  • MD5

    27c156b3661d96168d4b7a3f5881ce60

  • SHA1

    e35cbc177a1cda30d945b49a28f5290542088d17

  • SHA256

    31005e4eeda92594f2842179977d6c7461e79dd0541afe529afddbad429ab00c

  • SHA512

    6604514cafa32b475fd27b08b9ca5329dceada155727a36da605a59aa557588d5179c1dfad333a07a5103c1159fb7026871603dd925411ded192b7ecdaeee2c6

  • SSDEEP

    768:cLQVyGNM4YDmqVD9CVjgkfjz2VdIHRqpX/1H5r5EVErME/feYvn1q/D2ZuAx0Go+:WQ9MOsa0kfjzoWR2DsJifTduD4oTxw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15