General

  • Target

    4ca370001f559c355a74b03bb9982615393372299bfbd4bc71333e82fdaedeb7N

  • Size

    64KB

  • Sample

    240919-vysrra1dpk

  • MD5

    456ae1d89d734b4092abe27c895d46b0

  • SHA1

    ab20450b276917c6f538ed7225b9e756d6ad23ae

  • SHA256

    4ca370001f559c355a74b03bb9982615393372299bfbd4bc71333e82fdaedeb7

  • SHA512

    a1741829a4ebde2cebd2f1f6ddcea97102f541e482705c79c7720a2514cd1d9a9f9120c241729164925bf826433c142da61db0582949bec44f27e164f2d7e14c

  • SSDEEP

    1536:Fspmm1XgH6+ADwpl5OY8Wy2CJrPFW2iwTbW:6pmKXga+ywpHj8X2CNFW2VTbW

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      4ca370001f559c355a74b03bb9982615393372299bfbd4bc71333e82fdaedeb7N

    • Size

      64KB

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15