General

  • Target

    TrojanDownloader.Win32.Berbew.pz-79e5095ea4978d0738308a4e60a23659cfbc512cb137b5e0ee842c4adf0ee295N

  • Size

    55KB

  • Sample

    240916-tnwvzsxbqj

  • MD5

    f886e772381a99df0fdcca4759612850

  • SHA1

    27ae7f213e31de426075f826cd9948501a3a63cd

  • SHA256

    79e5095ea4978d0738308a4e60a23659cfbc512cb137b5e0ee842c4adf0ee295

  • SHA512

    63d1d76c2786dc523802eb9f29bb4e30cda5be5f28fe292a563022780e06a92bcf4a52a9133990cedfa42063829a97b10d18651ac5b1b0643ab6d2ad294db87c

  • SSDEEP

    1536:EwAj493F9ZkKEx6rTN9UiaOBNSoNSd0A3shxD6:EwAj+19ZFbMOBNXNW0A8hh

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      TrojanDownloader.Win32.Berbew.pz-79e5095ea4978d0738308a4e60a23659cfbc512cb137b5e0ee842c4adf0ee295N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15