General

  • Target: a1f722f1add11fa3aae1bd955b474d9f557db15ddd84b8a271904d02cb354bfcN
  • Size: 59KB
  • Sample: 241002-312fnsxelf
  • MD5: 5d3857893376ca674ca46ce62b6a37f0
  • SHA1: b251985c25d5a0fb6344320bb83e75e11a983c8e
  • SHA256: a1f722f1add11fa3aae1bd955b474d9f557db15ddd84b8a271904d02cb354bfc
  • SHA512: 6289f2f14f155b4c2af27b51111bae30d3dab02ffd904d9c732db79dc8013cd5679f8d8ad067cc9b3dfcfadb8cf0601a283235de3c238ef28b8ca648e0babcf7
  • SSDEEP: 768:4nI/Vtnaxwrm/5T4ybk3UxmOQZwmBNffOhTxoBRfoqZ/1H5765nf1fZMEBFELvkH:4nI/ramrA4EcPZ1NOhT/AxGNCyVso

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
