General

  • Target

    TrojanDownloader.Win32.Berbew.pz-dd492e23438628cf4fa952538d429df363f5faedbf0767606ba544a2833e080cN

  • Size

    52KB

  • Sample

    240916-tpwxdaxbjb

  • MD5

    422ebf60bdda2e5919521176091673b0

  • SHA1

    40ae57f585d31a0947a8bed6b03ac27fdcdc777d

  • SHA256

    dd492e23438628cf4fa952538d429df363f5faedbf0767606ba544a2833e080c

  • SHA512

    548e36a307127722a464ff6253f8f5f4462ecf4dfc1f3641e1420904cd55cfb945bf877d6ea60b6bc3ed6e113eb5131919684ce89bbcab7a7a8d94d5846f2cf9

  • SSDEEP

    768:KJagPfVRbY2c0cm24MzYzmE/B10gfpcgyHaqU+S4WJoA/1H5F/sFilMABvKWe:KcuVRbYOcn4nyE/B15xctthGoG/MAdKZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks