General

  • Target

    f85f45062d6ca153552db80e36a4f59ccbbd38fe4896962b1b7d1b9e654c0e8dN

  • Size

    67KB

  • Sample

    240930-e2nzzaxhrq

  • MD5

    6f4d57239a285bd219f236fea7466ea0

  • SHA1

    422aaf928bd05fb2eababddf79376d8ce2750430

  • SHA256

    f85f45062d6ca153552db80e36a4f59ccbbd38fe4896962b1b7d1b9e654c0e8d

  • SHA512

    4ae75d65c8fe0832507f3ae2daa4dcf899332b415473fdd9f9e0ac55f27bcce7de05a2c5be4e19403f8a55085f98e406e8ee27ca4458f2108192dc4d6040bf46

  • SSDEEP

    1536:8CcQ14ZVBwVx7Ba1Y3l3irnYqoJk2JZXsJifTduD4oTxwB:/cJVUx7BbV34YJnZXsJibdMTxwB

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f85f45062d6ca153552db80e36a4f59ccbbd38fe4896962b1b7d1b9e654c0e8dN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
