
General

  • Target

    TrojanDownloader.Win32.Berbew.pz-466e2e8fec1590002efe1071d27b2412cfab596ae0d3a87f95d6f38b253086cbN

  • Size

    67KB

  • Sample

    240919-g3jsravcjf

  • MD5

    4bf1af65bbca9434397ad521cf251f60

  • SHA1

    cdb0fbaa2223d1f43970717117e1ea0b1535584b

  • SHA256

    466e2e8fec1590002efe1071d27b2412cfab596ae0d3a87f95d6f38b253086cb

  • SHA512

    1f521f0da6ebb0a5f9a15f9a26fbebc59b7a545cb9ac6ebfa9cb45ae7bdb437b844668191005d078e59dc8b8b105b0247efa8259724f44985de195de5a9bb583

  • SSDEEP

    1536:xuJ6XDiG9Qs2LobX6S2VOsJifTduD4oTxw:xuJ6XDiK2LCX690sJibdMTxw

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
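The two extracted C2 URLs and the file hashes above are the actionable indicators in this report. The following script is an added example, not code from tria.ge or from the Berbew sample, showing how a practitioner would turn them into a hunt: it splits the URLs into host-level and path-level indicators, scans proxy access logs for requests to the C2 (flagging exact path hits separately from host-only hits, which is all you get for a TLS CONNECT tunnel), and checks a file's digests against the reported hashes. The log lines are constructed for the example, and the Squid native log layout and the 10.0.0.0/8 client addresses are assumptions.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]
SAMPLE_HASHES = {
    "md5": "4bf1af65bbca9434397ad521cf251f60",
    "sha1": "cdb0fbaa2223d1f43970717117e1ea0b1535584b",
    "sha256": "466e2e8fec1590002efe1071d27b2412cfab596ae0d3a87f95d6f38b253086cb",
}


def host_and_path(url):
    """Return (lower-cased host, path) for a proxy-log URL.

    CONNECT requests are logged as "host:port" with no scheme, so the host
    is split off by hand instead of going through urlsplit.
    """
    if "://" not in url:
        return url.rsplit(":", 1)[0].lower(), ""
    parts = urlsplit(url)
    return (parts.hostname or "").lower(), parts.path


def c2_indicators(urls=C2_URLS):
    """Derive host-level and (host, path)-level indicators from the C2 URLs."""
    hosts, paths = set(), set()
    for u in urls:
        host, path = host_and_path(u)
        hosts.add(host)
        paths.add((host, path))
    return hosts, paths


def scan_proxy_log(text, urls=C2_URLS):
    """Flag requests to the C2 in Squid native access-log lines (assumed format).

    Each hit records the client, the URL and whether the match was on the
    exact C2 path ("exact") or only on the C2 host ("host"). A host-only hit
    still matters: the whole domain is under the operator's control, and a
    TLS tunnel (CONNECT) never exposes the path at all.
    """
    hosts, paths = c2_indicators(urls)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:          # skip blank or truncated lines
            continue
        client, method, url = fields[2], fields[5], fields[6]
        host, path = host_and_path(url)
        if host not in hosts:
            continue
        kind = "exact" if (host, path) in paths else "host"
        hits.append({"client": client, "method": method, "url": url, "match": kind})
    return hits


def hashes_of(data):
    """MD5/SHA-1/SHA-256 of a byte string, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(digests, reference=SAMPLE_HASHES):
    """True when every digest we have for a file matches the report."""
    common = set(digests) & set(reference)
    return bool(common) and all(digests[a].lower() == reference[a] for a in common)


# Constructed Squid access-log lines (not from the report). 203.0.113.0/24 is
# a documentation range; 10.0.0.0/8 stands in for the internal clients.
SAMPLE_LOG = """\
1726730000.123     45 10.0.0.21 TCP_MISS/200 512 GET http://tat-neftbank.ru/kkq.php - HIER_DIRECT/203.0.113.5 text/html
1726730001.456     30 10.0.0.21 TCP_MISS/404 310 GET http://TAT-NEFTBANK.RU/other.php - HIER_DIRECT/203.0.113.5 text/html
1726730002.789     12 10.0.0.44 TCP_HIT/200 2048 GET http://example.com/index.html - HIER_NONE/- text/html
1726730003.001     60 10.0.0.21 TCP_MISS/200 128 POST http://tat-neftbank.ru/wcmd.htm?id=1 - HIER_DIRECT/203.0.113.5 text/html
1726730004.500    900 10.0.0.21 TCP_TUNNEL/200 4096 CONNECT tat-neftbank.ru:443 - HIER_DIRECT/203.0.113.5 -
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"{hit['client']} {hit['method']:7} {hit['url']}  [{hit['match']}]")
    print("report hashes self-match:", is_reported_sample(SAMPLE_HASHES))
```

Against the constructed log the scan returns four hits, all from the same client: two exact path matches (`kkq.php` and `wcmd.htm`, the latter despite a query string), one host-only hit on a different path, and one host-only hit from the CONNECT tunnel. Matching on the host rather than the full URL is deliberate; the paths in the extracted config are what the sample uses today, while the domain is the durable part of the indicator.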
