General

  • Target

    4d55a8b9a8067c097e185c42c481fc46481941dc109464b2c6c9c78a96c6f35aN

  • Size

    49KB

  • Sample

    240930-ndqckascjp

  • MD5

    015cade3249c7fb0c9d2a6da37c82e40

  • SHA1

    29d692c71b2cb4ba392a662ede41f18d68e926b8

  • SHA256

    4d55a8b9a8067c097e185c42c481fc46481941dc109464b2c6c9c78a96c6f35a

  • SHA512

    c899cf2216d0121b8d3176eebff70302ca20f3e2f50176f7bfbd9b62d267141781d00c3c61d53b520a3f9819a248fd2c47d7a7cdb56e8a361d9553af292809b9

  • SSDEEP

    768:EmWuGBEn+ezyhX28QgUtGdj2bZjT9YTg9rSaRjn5FnUMew30T6eUE4uWZ/1H510m:EBe+ayhX20JMZqk9rS8H7302eUEKT5

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
