General

  • Target: 961fd7c38732890016ebe6015f6c1e2f13808dcb6f76c450a3b35b8ed57f1fb3N
  • Size: 704KB
  • Sample: 240921-tlkd6s1cpd
  • MD5: dbfb93bf262eea76d0b3741388bb04c0
  • SHA1: 760674bc54172510b187dad4e495831842c0b7f9
  • SHA256: 961fd7c38732890016ebe6015f6c1e2f13808dcb6f76c450a3b35b8ed57f1fb3
  • SHA512: ca8a2e1f10e59a90ddec4fd8468c0a5e5e594ebd1ac6785daf214596634080d34333cb1387161ce684b1346d1e8c3798b390530f02097568faac3a024fd7d269
  • SSDEEP: 12288:qBxBaph2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsR4P377a20i:qBxBaph2kkkkK4kXkkkkkkkkhLX3a20i

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks