General

  • Target

    dd128a9bc7fc93086d0808d2ead95839104ec358d7528034034fff7b44eac53bN

  • Size

    128KB

  • Sample

    240928-me4qxashne

  • MD5

    cc1377fcd3a98117a4402f9b168a3a20

  • SHA1

    5fb386a62d7993db0a80cfe213006ab1a9115529

  • SHA256

    dd128a9bc7fc93086d0808d2ead95839104ec358d7528034034fff7b44eac53b

  • SHA512

    c2d4732ef9d66af84c02a31e0df4b1fb5f3798301b28708a33db0b194a745eafeab70d5d5be8f3aaf24a1559dc21764b0c1d39f79c407edeac686e23ab818e2e

  • SSDEEP

    3072:p3Ua0t3tDrFDHZtOgxBOXXwwfBoD6N3h8N5Gg:lUJL5tTDUZNSN57

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
