General

  • Target: 5c038827ce41febae1b749510c95f404a8eaade4e019cbc0c3fd0c96b64614e1N

  • Size: 422KB

  • Sample: 240927-dq66qssejp

  • MD5: f9b3d6917844a939fda013ca51391510

  • SHA1: 53093194b802ef10e216b16a5abb2d0bd96f2473

  • SHA256: 5c038827ce41febae1b749510c95f404a8eaade4e019cbc0c3fd0c96b64614e1

  • SHA512: b1c8d79749181ad78de0206ebe34458a6f5f08be60a0121c0a3d65c5174be96ad5b941819eaed26ed87e7123ff48717dd41e85181e69053f45f826eb2c37d3fd

  • SSDEEP: 6144:O6JibabO6FSPnvZU1AF+6FSPnvZhDYsKKo6FSPnvZU1AF+6FSPnvZq:gGaXgA4XfczXgA4XA

Malware Config

Extracted

Family: berbew

C2:

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
