General

  • Target

    7c31839542f617a04a20322cf6a8d391d73fe489238d4b39081856f3b5e32cefN

  • Size

    55KB

  • Sample

    241005-t7wdka1hpc

  • MD5

    aba3c73620bceb64fc46c2697d1dbfe0

  • SHA1

    1cd8e1ace9cb18b757eee72a9517dba84dd9d73e

  • SHA256

    7c31839542f617a04a20322cf6a8d391d73fe489238d4b39081856f3b5e32cef

  • SHA512

    2dc407906835c2e9e03d52825f3c3e9b76cfbcd619d30c1863c93a1682dcf450d3d4a9015ba4e8dff9d5525778be546375d29ddd4be581e192b61fab36c9205a

  • SSDEEP

    1536:dexMxksll/F2EnTXP/lIGwUEO6NSoNSd0A3shxD6:dexMxdvF2EngUEO6NXNW0A8hh

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
