General

  • Target

    89bac500ab9d76eeae429327b4e3af24d7932b27e80f40e708504be4bbf5b6bdN

  • Size

    91KB

  • Sample

    240929-ln5h5a1glb

  • MD5

    b6ab85497a14c46d11abc8c0efd7e7f0

  • SHA1

    08621f23183a3ecec9b03996f49bc3e4fbc83b2c

  • SHA256

    89bac500ab9d76eeae429327b4e3af24d7932b27e80f40e708504be4bbf5b6bd

  • SHA512

    bd37fe4806a20869d6a24985d8c4af82ae33166785f132ffb4b05f0ad34ecb28886f5b7e28b41c04a364f98108a89ba86c076f834ee72b030ec99867cdbc1a2f

  • SSDEEP

    1536:vqCewDodpDmLvm6VkRP16aMlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXd45J:vqVYoXmLvZkRcvlLBsLnVUUHyNwtN4/G

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      89bac500ab9d76eeae429327b4e3af24d7932b27e80f40e708504be4bbf5b6bdN

    • Size

      91KB

    • MD5

      b6ab85497a14c46d11abc8c0efd7e7f0

    • SHA1

      08621f23183a3ecec9b03996f49bc3e4fbc83b2c

    • SHA256

      89bac500ab9d76eeae429327b4e3af24d7932b27e80f40e708504be4bbf5b6bd

    • SHA512

      bd37fe4806a20869d6a24985d8c4af82ae33166785f132ffb4b05f0ad34ecb28886f5b7e28b41c04a364f98108a89ba86c076f834ee72b030ec99867cdbc1a2f

    • SSDEEP

      1536:vqCewDodpDmLvm6VkRP16aMlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXd45J:vqVYoXmLvZkRcvlLBsLnVUUHyNwtN4/G

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks