Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7bf40369e2d1a2272ca424fa0822eb56eaef8318b2ee6c6ce6ca2623457620feN

  • Size

    194KB

  • Sample

    240921-g3aj3sydkc

  • MD5

    a88c03f8a72c38a8416e4d95f3bca8c0

  • SHA1

    28cc8c439304b6c6aa44089ee3f866b1f5c1b6d6

  • SHA256

    7bf40369e2d1a2272ca424fa0822eb56eaef8318b2ee6c6ce6ca2623457620fe

  • SHA512

    ad8b83e51ca2c6630f4da269d9287e9363ae118b35600428ff24fe4f2f808e9b5d8a06e8a7b350c1961aa64a19e161b0190ab9f7a967944a1ec1d4b3b84a91f7

  • SSDEEP

    3072:4955o/tu6dCtREJ3mMIM/kEmMIGumMIc/1GV:as/tusCtyJ35/pbuh/UV

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      7bf40369e2d1a2272ca424fa0822eb56eaef8318b2ee6c6ce6ca2623457620feN

    • Size

      194KB

    • MD5

      a88c03f8a72c38a8416e4d95f3bca8c0

    • SHA1

      28cc8c439304b6c6aa44089ee3f866b1f5c1b6d6

    • SHA256

      7bf40369e2d1a2272ca424fa0822eb56eaef8318b2ee6c6ce6ca2623457620fe

    • SHA512

      ad8b83e51ca2c6630f4da269d9287e9363ae118b35600428ff24fe4f2f808e9b5d8a06e8a7b350c1961aa64a19e161b0190ab9f7a967944a1ec1d4b3b84a91f7

    • SSDEEP

      3072:4955o/tu6dCtREJ3mMIM/kEmMIGumMIc/1GV:as/tusCtyJ35/pbuh/UV

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks