
General

  • Target

    0197d2c7d1f4da30225dc8abd0445d2a1b2e4c762b7016cbadf28eab4c092254N

  • Size

    101KB

  • Sample

    241003-xvh49asaln

  • MD5

    f109daf6c08af7e2d635caf80ea3c6a0

  • SHA1

    caf3936601c7eceb6347c985c3b00b6331b7f3ee

  • SHA256

    0197d2c7d1f4da30225dc8abd0445d2a1b2e4c762b7016cbadf28eab4c092254

  • SHA512

    772bffa264a0ac61e9e74906cb5d8445ccba269d88c6420da208ccf817e9fd9f85d8dbce889147431c9b69338a59100f383eaf4947e22822ed4441d620b1b893

  • SSDEEP

    3072:SnelJ2rH2XVuduXqbyu0sY7q5AnrHY4vDX:cUe2XVd853Anr44vDX

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0197d2c7d1f4da30225dc8abd0445d2a1b2e4c762b7016cbadf28eab4c092254N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
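
The extracted C2 URLs and the sample hashes in this report are the inputs a responder hunts with. The block below is an added example written for this page, not code from the Triage report or from Hatching's tooling. The proxy log lines and the sha256sum-style file listing are constructed sample input, including the file names; only the indicator values are taken from the report. Matching is done on the whole hostname, so a look-alike domain that merely contains the C2 host does not register, and a hit is reported on the host alone as well as on the full URL, since both extracted URLs share one host and the path is the part most likely to change between samples.

```python
"""Hunt for this Berbew sample's indicators in a proxy log and a hash listing.

Added example for this page, not part of the Triage report. The log and the
file listing are constructed sample data; the indicator values come from
the report.
"""
import re
from urllib.parse import urlparse

# Indicators copied from the report.
SAMPLE_HASHES = {
    "md5": "f109daf6c08af7e2d635caf80ea3c6a0",
    "sha1": "caf3936601c7eceb6347c985c3b00b6331b7f3ee",
    "sha256": "0197d2c7d1f4da30225dc8abd0445d2a1b2e4c762b7016cbadf28eab4c092254",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def c2_hosts(urls):
    """Lower-cased hostnames of the extracted C2 URLs (urlparse lower-cases them)."""
    return {urlparse(u).hostname for u in urls}


def c2_paths(urls):
    """Request paths of the extracted C2 URLs."""
    return {urlparse(u).path for u in urls}


# Constructed proxy log, one request per line:
#   <iso timestamp> <client ip> <method> <url> <status>
PROXY_LOG = """\
2024-10-03T14:02:11Z 10.20.0.15 GET http://tat-neftbank.ru/kkq.php 200
2024-10-03T14:02:12Z 10.20.0.15 GET http://www.example.com/index.html 200
2024-10-03T14:03:40Z 10.20.0.31 POST http://TAT-NEFTBANK.RU:80/wcmd.htm 200
2024-10-03T14:05:02Z 10.20.0.44 GET http://tat-neftbank.ru/new.php 404
2024-10-03T14:05:09Z 10.20.0.44 GET http://tat-neftbank.ru.example.net/ 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def hunt_proxy_log(log_text, urls=C2_URLS):
    """Return (timestamp, client, url, reason) for every request to the C2.

    reason is "url" when host and path both match an extracted URL and
    "host" when only the host matches (new path, explicit port, etc.).
    The hostname is compared whole, so "tat-neftbank.ru.example.net"
    is not a hit; mixed case and ":80" are normalised by urlparse.
    """
    hosts, paths = c2_hosts(urls), c2_paths(urls)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        ts, client, _method, url, _status = m.groups()
        parsed = urlparse(url)
        if parsed.hostname not in hosts:
            continue
        reason = "url" if parsed.path in paths else "host"
        hits.append((ts, client, url, reason))
    return hits


# Constructed sha256sum-style listing of files collected from a host.
# The second digest is the SHA-256 of an empty file; the third line mimics
# upper-case output from PowerShell's Get-FileHash.
FILE_HASHES = """\
0197d2c7d1f4da30225dc8abd0445d2a1b2e4c762b7016cbadf28eab4c092254  C:\\Windows\\System32\\dropped.exe
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  C:\\Windows\\System32\\empty.dat
0197D2C7D1F4DA30225DC8ABD0445D2A1B2E4C762B7016CBADF28EAB4C092254  C:\\Users\\Public\\setup.exe
"""


def hunt_hash_listing(listing, known=SAMPLE_HASHES):
    """Paths whose digest equals any hash from the report, compared case-insensitively."""
    wanted = {v.lower() for v in known.values()}
    matches = []
    for line in listing.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, path = parts
        if digest.lower() in wanted:
            matches.append(path)
    return matches


if __name__ == "__main__":
    for hit in hunt_proxy_log(PROXY_LOG):
        print("C2 traffic:", *hit)
    for path in hunt_hash_listing(FILE_HASHES):
        print("Sample on disk:", path)
```

On the constructed data the proxy hunt reports three hits (two full-URL matches, one host-only match for a path the sandbox never saw) and ignores the look-alike domain; the hash hunt finds both copies of the sample regardless of digest case.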
