General

  • Target: Backdoor.Win32.Berbeweae8e4b71e8cbdeb572ab78fc970400ee81a3d12a5c9d2845435683651424d4cN
  • Size: 49KB
  • Sample: 240916-tltb3sxaql
  • MD5: 7c3d8bac91ed166108701fc700424240
  • SHA1: 877769594071bf93f405f4b7ac968c7da1524565
  • SHA256: eae8e4b71e8cbdeb572ab78fc970400ee81a3d12a5c9d2845435683651424d4c
  • SHA512: 4c372b45c5a03884b1a46829db4384b355453a891a96858b8bf66d7f46a5700a5951574e1050cdb4923b1ff6e0d9d5023822a22d40767e2b8f3227ccfebd9c4e
  • SSDEEP: 768:EbKYQ4t/Z6b7YaqM6gM73tNRqAr91mXfwgh384Zv/1H5e2Xdnh7:ElZ6b77qeCx98he4ZBNl

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks