
General

  • Target

    c3eb358aedb7462eb6f1f76835ed39c8116302e3ea464cb4e58056d182c4b99c

  • Size

    91KB

  • Sample

    241006-cg8sjatglh

  • MD5

    758cfa93adfffc7d417b6acb342bd9be

  • SHA1

    4b35d22cbf30a510d76ac967c19a914ce3270275

  • SHA256

    c3eb358aedb7462eb6f1f76835ed39c8116302e3ea464cb4e58056d182c4b99c

  • SHA512

    1e12273a3b1a7bac8b0e48760ccf3742f0be3e67f0a335b12aaa584d50de86a8a753adb6b8aca121cd50082f2fcf6bbb34b75a51d9743c5b00eda34a64b4216a

  • SSDEEP

    1536:9CtAmp25SbVzsPaK4S6lNDKlLBsLnVLdGUHyNwtN4/nLLVaBlEaaaaaadhXd45J:wtAm+Sb5s1T6vKlLBsLnVUUHyNwtN4/G

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
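The hashes and C2 URLs in this report are the indicators a responder would turn into a check. The script below is an added example, not part of the tria.ge report or of the Berbew sample: it embeds the report's hash values and C2 URLs, computes all four digests of a file in a single read, and flags proxy-log lines that reach the C2 host. The proxy-log lines in DEMO_LOG and their whitespace-separated layout (URL as the fourth field) are constructed for the example and do not describe any real proxy's schema.

```python
"""Match files and proxy logs against the IOCs from this tria.ge report.

Added example, not part of the tria.ge report or the Berbew sample.
Hash values and C2 URLs are copied from the report; the proxy-log lines
in DEMO_LOG and their field layout are constructed for demonstration.
"""
import hashlib
from urllib.parse import urlparse

# IOCs copied from the report.
SAMPLE_HASHES = {
    "md5": "758cfa93adfffc7d417b6acb342bd9be",
    "sha1": "4b35d22cbf30a510d76ac967c19a914ce3270275",
    "sha256": "c3eb358aedb7462eb6f1f76835ed39c8116302e3ea464cb4e58056d182c4b99c",
    "sha512": "1e12273a3b1a7bac8b0e48760ccf3742f0be3e67f0a335b12aaa584d50de86a8a753adb6b8aca121cd50082f2fcf6bbb34b75a51d9743c5b00eda34a64b4216a",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]


def digest_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of in-memory data."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Hash a file once, feeding every algorithm from the same read loop."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_algorithms(digests: dict) -> list:
    """Names of the report's hashes that agree with the supplied digests (case-insensitive)."""
    return sorted(
        name for name, value in SAMPLE_HASHES.items()
        if digests.get(name, "").lower() == value
    )


def c2_hosts() -> set:
    """Hostnames from the C2 URLs: block or alert on the host, not only the two known paths."""
    return {urlparse(u).hostname for u in C2_URLS}


def scan_proxy_log(lines) -> list:
    """Return (line_number, verdict, url) for lines whose URL hits C2 infrastructure.

    Assumes whitespace-separated fields with the request URL as the fourth
    field (constructed format for this example, not a real proxy's schema).
    """
    exact = set(C2_URLS)
    hosts = c2_hosts()
    hits = []
    for lineno, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        if url in exact:
            hits.append((lineno, "c2-url", url))
        elif urlparse(url).hostname in hosts:
            hits.append((lineno, "c2-host", url))
    return hits


# Constructed proxy-log lines: timestamp, client, method, URL, status.
DEMO_LOG = [
    "2024-10-06T12:00:01Z 10.0.0.5 GET http://tat-neftbank.ru/kkq.php 200",
    "2024-10-06T12:00:02Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2024-10-06T12:00:03Z 10.0.0.7 POST http://tat-neftbank.ru/other.php 404",
]

if __name__ == "__main__":
    import sys
    for hit in scan_proxy_log(DEMO_LOG):
        print("proxy hit:", hit)
    for path in sys.argv[1:]:
        matched = matching_algorithms(digest_file(path))
        print(path, "MATCH " + ",".join(matched) if matched else "no match")
```

Run it with one or more file paths to compare their digests against the report; a file that matches on one algorithm but not the others is worth a second look, since a collision on MD5 or SHA1 alone should not be treated as confirmation. The proxy scan deliberately matches on the C2 hostname as well as the two exact URLs, because the report lists only the paths this sample used.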
