General

  • Target

    0764dbe00c03b87a677f0adf89d4dba288cf3cf7b31001f3bb7eab14494e6023N

  • Size

    113KB

  • Sample

    241002-1rbsjsyfrq

  • MD5

    d5409fcfad943b26cf1586976e388d40

  • SHA1

    5a70e1dd3b9f4ea86c4208c045e16e141326ca04

  • SHA256

    0764dbe00c03b87a677f0adf89d4dba288cf3cf7b31001f3bb7eab14494e6023

  • SHA512

    b4cfd8badcb8e13f77e4fd8bf4ce6be1c5c601323de3b990ece05b93e27e2684fbf77e68a3d5247a317a50456167b0d866817152019e3e761ffbbdab70d48aa9

  • SSDEEP

    1536:s2dwnjAQnkouOqh5kTIykO617DWkZFfScD7SzCbHWrAW8wTWiliX:stJ05h5kpkOuGkZFfFSebHWrH8wTW0

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0764dbe00c03b87a677f0adf89d4dba288cf3cf7b31001f3bb7eab14494e6023N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks