Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
762bbcac31e36b1b50ef857efaef501f500985e7084f1ba4ebf85703e11aebcc
-
Size
93KB
-
Sample
250217-cab5zswlew
-
MD5
8dce8d7c9695fa0c9b3936e0c843b769
-
SHA1
ca77cf04bc0c3effd357560adc7eb36c5b12cdb8
-
SHA256
762bbcac31e36b1b50ef857efaef501f500985e7084f1ba4ebf85703e11aebcc
-
SHA512
b871f647cd3e70d6a17fc4209a6d53a6859e6e979d43b91665a6467dd27362cc408ba628fa1f5db32cf0933a1c4ba15528a6f908f45912b8a24bc8b5e5b8f0b5
-
SSDEEP
1536:nlf8l6hLViYFi9qSIRTM9h9lIzHVSTfGoEt2xbgpLxAh55O53q52IrFzTXMtDhGx:lpViui9qnTgGDVSTfGNt2xbgpLxAh55j
Malware Config
Extracted
berbew
http://crutop.nu/index.php
http://devx.nm.ru/index.php
http://ros-neftbank.ru/index.php
http://master-x.com/index.php
http://www.redline.ru/index.php
http://cvv.ru/index.php
http://hackers.lv/index.php
http://fethard.biz/index.php
http://crutop.ru/index.php
http://kaspersky.ru/index.php
http://color-bank.ru/index.php
http://adult-empire.com/index.php
http://virus-list.com/index.php
http://trojan.ru/index.php
http://xware.cjb.net/index.htm
http://konfiskat.org/index.htm
http://parex-bank.ru/index.htm
http://fethard.biz/index.htm
http://ldark.nm.ru/index.htm
http://gaz-prom.ru/index.htm
Targets
-
-
Target
762bbcac31e36b1b50ef857efaef501f500985e7084f1ba4ebf85703e11aebcc
-
Size
93KB
-
MD5
8dce8d7c9695fa0c9b3936e0c843b769
-
SHA1
ca77cf04bc0c3effd357560adc7eb36c5b12cdb8
-
SHA256
762bbcac31e36b1b50ef857efaef501f500985e7084f1ba4ebf85703e11aebcc
-
SHA512
b871f647cd3e70d6a17fc4209a6d53a6859e6e979d43b91665a6467dd27362cc408ba628fa1f5db32cf0933a1c4ba15528a6f908f45912b8a24bc8b5e5b8f0b5
-
SSDEEP
1536:nlf8l6hLViYFi9qSIRTM9h9lIzHVSTfGoEt2xbgpLxAh55O53q52IrFzTXMtDhGx:lpViui9qnTgGDVSTfGNt2xbgpLxAh55j
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-