General

  • Target

    d6728967178921014e21dfae07711dbfc0731a1eb88161004a2724bbabcf1376N

  • Size

    91KB

  • Sample

    241004-fqladazdnh

  • MD5

    7fe56c98c4a61eb8dab7113aa76e8a40

  • SHA1

    9d1e846abbf7e594e70edc76092ad1067cf63c22

  • SHA256

    d6728967178921014e21dfae07711dbfc0731a1eb88161004a2724bbabcf1376

  • SHA512

    33c28c045b32cff5f02e6e780f0a0a9f15fc9ebc0701a5b25475eba17671b8cec07a4d2408327d43b924321239ab60ec52d0ea73f9471a439496d9fc784305ff

  • SSDEEP

    1536:C7MFKQtwzvcgz4weZZs1wQtkfnLyDXdi8pE4g5a3iZ8saqYko:SMhWEyeI1w9GDN3E4xSzWP

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      d6728967178921014e21dfae07711dbfc0731a1eb88161004a2724bbabcf1376N

    • Size

      91KB

    • MD5

      7fe56c98c4a61eb8dab7113aa76e8a40

    • SHA1

      9d1e846abbf7e594e70edc76092ad1067cf63c22

    • SHA256

      d6728967178921014e21dfae07711dbfc0731a1eb88161004a2724bbabcf1376

    • SHA512

      33c28c045b32cff5f02e6e780f0a0a9f15fc9ebc0701a5b25475eba17671b8cec07a4d2408327d43b924321239ab60ec52d0ea73f9471a439496d9fc784305ff

    • SSDEEP

      1536:C7MFKQtwzvcgz4weZZs1wQtkfnLyDXdi8pE4g5a3iZ8saqYko:SMhWEyeI1w9GDN3E4xSzWP

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
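The signatures above are only useful once they are turned into something a responder can run. As an added example (not part of the tria.ge report and not code from the Berbew sample), the following Python script converts the report's indicators into an offline hunt: it compares a file's digests with the hashes listed above, scans proxy log lines for the C2 host (independent of path, since the two paths in the report may not be the only ones), and flags registry writes under keys that Explorer.exe loads at logon. The proxy log lines and registry events are constructed for this example; the mapping of the "Adds autorun key to be loaded by Explorer.exe on startup" signature to ShellServiceObjectDelayLoad and ShellExecuteHooks is an assumption, since the report does not name the key.

```python
"""Offline hunt built from the indicators in the tria.ge report (added example).

Hashes and C2 URLs are copied from the report. Everything else (log lines,
registry events, key names) is constructed or assumed, as marked.
"""
import hashlib
import re
from urllib.parse import urlparse

# Indicators copied from the report.
REPORT_HASHES = {
    "md5": "7fe56c98c4a61eb8dab7113aa76e8a40",
    "sha1": "9d1e846abbf7e594e70edc76092ad1067cf63c22",
    "sha256": "d6728967178921014e21dfae07711dbfc0731a1eb88161004a2724bbabcf1376",
}
REPORT_C2 = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]

# Assumption: the "loaded by Explorer.exe on startup" signature refers to these
# keys. Explorer loads shell service objects and execute hooks from them at logon.
EXPLORER_AUTORUN_KEYS = (
    r"software\microsoft\windows\currentversion\shellserviceobjectdelayload",
    r"software\microsoft\windows\currentversion\explorer\shellexecutehooks",
)


def hash_bytes(data: bytes) -> dict:
    """Compute the three digests the report lists so they can be compared."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same as hash_bytes, streaming a file from disk in chunks."""
    digests = {k: hashlib.new(k) for k in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {k: h.hexdigest() for k, h in digests.items()}


def matches_report(digests: dict) -> bool:
    """True only if every digest agrees with the report.

    SHA256 alone is sufficient in practice; checking all three guards against a
    copy-paste error in a single indicator.
    """
    return all(digests.get(k) == v for k, v in REPORT_HASHES.items())


def c2_hits(log_lines):
    """Return (line_no, url, exact_path) for entries whose host is a C2 host.

    The host match ignores scheme, port and path, because an operator can rotate
    paths; exact_path records whether the path is one the report lists.
    """
    c2_hosts = {urlparse(u).hostname for u in REPORT_C2}
    c2_paths = {urlparse(u).path for u in REPORT_C2}
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'(https?://[^\s"]+)', line)
        if not m:
            continue
        url = urlparse(m.group(1))
        if (url.hostname or "").lower() in c2_hosts:
            hits.append((n, m.group(1), url.path in c2_paths))
    return hits


def explorer_autorun_writes(registry_events):
    """Flag registry value writes under the Explorer-loaded autorun keys.

    Input lines use a constructed format: 'SET <key path>\\<value> = <data>'.
    Legitimate entries exist under these keys too (Windows ships some), so hits
    still need to be compared against a clean baseline.
    """
    flagged = []
    for line in registry_events:
        if not line.startswith("SET "):
            continue
        target = line[4:].split(" = ", 1)[0]
        if any(k in target.lower() for k in EXPLORER_AUTORUN_KEYS):
            flagged.append(target)
    return flagged


# Constructed sample input; not sandbox output.
SAMPLE_PROXY_LOG = [
    '2024-10-04T05:41:02Z 10.0.0.23 GET "http://tat-neftbank.ru/kkq.php" 200',
    '2024-10-04T05:41:03Z 10.0.0.23 GET "http://example.com/index.html" 200',
    '2024-10-04T05:41:09Z 10.0.0.23 POST "http://tat-neftbank.ru/wcmd.htm" 200',
    '2024-10-04T05:42:11Z 10.0.0.23 GET "http://TAT-NEFTBANK.RU:8080/other.php" 404',
]
SAMPLE_REGISTRY_EVENTS = [
    r"SET HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater = C:\Users\u\up.exe",
    r"SET HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Web Event Logger = {00000000-0000-0000-0000-000000000001}",
    r"SET HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{00000000-0000-0000-0000-000000000002} = ",
]

if __name__ == "__main__":
    print("sample file matches report:", matches_report(hash_bytes(b"not the sample")))
    for n, url, exact in c2_hits(SAMPLE_PROXY_LOG):
        print(f"C2 contact line {n}: {url} (listed path: {exact})")
    for target in explorer_autorun_writes(SAMPLE_REGISTRY_EVENTS):
        print("Explorer autorun write:", target)
```

The host-level match deliberately catches the fourth log line, which uses a different port and path than the report lists; the `exact_path` flag lets an analyst rank those hits below the two exact matches rather than discard them. The registry check is broad on purpose: a write under ShellServiceObjectDelayLoad from anything other than a Windows component is rare enough that every hit deserves a look, with the dropped DLL in System32 (the report's "Drops file in System32 directory" and "Loads dropped DLL" signatures) as the next pivot.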

MITRE ATT&CK Enterprise v15

Tasks