Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1392ea2165d496d8f514407d429d861902ce3905344efd4be3bef6b087801799N

  • Size

    727KB

  • Sample

    240927-zjdfqsydrj

  • MD5

    4d874e96f199de5bfecf61f5f4fc7a30

  • SHA1

    6ae913978700a88640f4b99e6f674ec8786c54b0

  • SHA256

    1392ea2165d496d8f514407d429d861902ce3905344efd4be3bef6b087801799

  • SHA512

    90ba31a3f4db98cb76dc2548eafd45e283091a7209a987e967d3d2584274bc413c2ef62ee640c52d171b6e9e53f1dcc0b3e754c6a9338e6800fe19e76178eca8

  • SSDEEP

    12288:D3KB5turkWhbi5thyDf5turkWhbi5taX5turkWhbi5thyDf5turkWhbi5t:D3KOkEUyD0kEPskEUyD0kE

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1392ea2165d496d8f514407d429d861902ce3905344efd4be3bef6b087801799N

    • Size

      727KB

    • MD5

      4d874e96f199de5bfecf61f5f4fc7a30

    • SHA1

      6ae913978700a88640f4b99e6f674ec8786c54b0

    • SHA256

      1392ea2165d496d8f514407d429d861902ce3905344efd4be3bef6b087801799

    • SHA512

      90ba31a3f4db98cb76dc2548eafd45e283091a7209a987e967d3d2584274bc413c2ef62ee640c52d171b6e9e53f1dcc0b3e754c6a9338e6800fe19e76178eca8

    • SSDEEP

      12288:D3KB5turkWhbi5thyDf5turkWhbi5taX5turkWhbi5thyDf5turkWhbi5t:D3KOkEUyD0kEPskEUyD0kE

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks