General

  • Target: 3b0c047848ecb06e0f64f72c4cf5e5dd4d41853d9f0129b7e50adb73601ae12dN
  • Size: 64KB
  • Sample: 241005-pwkqgaxgpf
  • MD5: 62a133e86d98e46f3c7bc0e4a8808eb0
  • SHA1: 5ad0f15fa7fc971e95eb08ad9ef8cbaddb3df6e0
  • SHA256: 3b0c047848ecb06e0f64f72c4cf5e5dd4d41853d9f0129b7e50adb73601ae12d
  • SHA512: 4831054b7d0cf3d5077c29c9a88b7128aba1080456ebfc435f2d627f24aa90f25ffac9101d438b905cbbdde084170665724185ea31a88fcce4be424340d3147f
  • SSDEEP: 1536:J0KcE91bU7NL8dwzVI0aG8ZlHpvnjMnWyGrPFW2iwTbW:z1gudw3j8ZlJPjuXyFW2VTbW

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target: 3b0c047848ecb06e0f64f72c4cf5e5dd4d41853d9f0129b7e50adb73601ae12dN
    • Size: 64KB
    • MD5: 62a133e86d98e46f3c7bc0e4a8808eb0
    • SHA1: 5ad0f15fa7fc971e95eb08ad9ef8cbaddb3df6e0
    • SHA256: 3b0c047848ecb06e0f64f72c4cf5e5dd4d41853d9f0129b7e50adb73601ae12d
    • SHA512: 4831054b7d0cf3d5077c29c9a88b7128aba1080456ebfc435f2d627f24aa90f25ffac9101d438b905cbbdde084170665724185ea31a88fcce4be424340d3147f
    • SSDEEP: 1536:J0KcE91bU7NL8dwzVI0aG8ZlHpvnjMnWyGrPFW2iwTbW:z1gudw3j8ZlJPjuXyFW2VTbW

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
