General

  • Target: 768b585a44cdfbb34e2f348bd52a00acd93159a41ce1e9908232ce29eb4f2119N
  • Size: 176KB
  • Sample: 241002-aydmlssckg
  • MD5: adde257da6b2e3c27fef01e9407d7270
  • SHA1: 0fb637667f75c72938d6a1bd41ca745c2581639a
  • SHA256: 768b585a44cdfbb34e2f348bd52a00acd93159a41ce1e9908232ce29eb4f2119
  • SHA512: e10006fd49d626b4af81da400bc9077f9139cee344cf14f04b065f2fa7d6c99b78dfab02cc0bb2ee8717c596af4b1d33d6f851a8556406caa96f419e26b26397
  • SSDEEP: 3072:tLWXOc6m1cjENRZ9wmAOIayGsOOJF4EISi/i4gG4npAjmA39QQIckJI:uOlm1nTZ9EaUn4yjK99QQd

Malware Config

Extracted

  • Family: berbew
  • C2: http://tat-neftbank.ru/kkq.php
  • C2: http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks