General

  • Target: Backdoor.Win32.Berbew.pz-dfb4bad489569ede9bc47a3e26004e7aedbb3e64dc75fc07d7cbcf38a9d74b22N

  • Size: 89KB

  • Sample: 240916-tpcthaxbrq

  • MD5: d949cfb76f5607b01da6c6b3649ef4a0

  • SHA1: 5690fe64cac920277c4240c0a85e33d74e9c8b6b

  • SHA256: dfb4bad489569ede9bc47a3e26004e7aedbb3e64dc75fc07d7cbcf38a9d74b22

  • SHA512: 9afdcaf3e46c40f49d74c857d464479618b491c8d9b521dd28b3b158215b5164e7ab8c5b7eeb381faaa5d865bc3d77d16c24dcf20ea1d78cb4227864f3e25127

  • SSDEEP: 1536:kBf8osZ5pxNpeTfBBcmc9DRaUovXPjQWYbmsCIK282c8CPGCECa9bC7e3iaqWpOG:GsZTp6ffCskWYbmhD28Qxnd9GMHqW/

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://crutop.nu/index.php
    http://devx.nm.ru/index.php
    http://ros-neftbank.ru/index.php
    http://master-x.com/index.php
    http://www.redline.ru/index.php
    http://cvv.ru/index.php
    http://hackers.lv/index.php
    http://fethard.biz/index.php
    http://crutop.ru/index.php
    http://kaspersky.ru/index.php
    http://color-bank.ru/index.php
    http://adult-empire.com/index.php
    http://virus-list.com/index.php
    http://trojan.ru/index.php
    http://xware.cjb.net/index.htm
    http://konfiskat.org/index.htm
    http://parex-bank.ru/index.htm
    http://fethard.biz/index.htm
    http://ldark.nm.ru/index.htm
    http://gaz-prom.ru/index.htm

Targets

    • Target: Backdoor.Win32.Berbew.pz-dfb4bad489569ede9bc47a3e26004e7aedbb3e64dc75fc07d7cbcf38a9d74b22N (hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks