General

  • Target

    8e0e64b6b59810d2f5310f07cfde1206171016449828e70b01987d09bde422c8N.exe

  • Size

    363KB

  • Sample

    240925-veartswdrk

  • MD5

    f600961bd104041ab1c557325bbbef50

  • SHA1

    93fe330a9190c3a60189e391b77f032f8a95799c

  • SHA256

    8e0e64b6b59810d2f5310f07cfde1206171016449828e70b01987d09bde422c8

  • SHA512

    cd18be366becf58a7f03ce72ef6209f861bbe7b379308d2b7351cf901b51c59971510f66df8f11aa126e73cf19759c2add33aa0ca0f7c6eaf579bcade47a2458

  • SSDEEP

    6144:wyL2rYgbVU5tTbVXksax8n5tTDUZNSN58VU5tT:wpU8G5tP6sus5t6NSN6G5t

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      8e0e64b6b59810d2f5310f07cfde1206171016449828e70b01987d09bde422c8N.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
