General

  • Target

    fe1adf344ac2df1a30b8016032d5560606d343bbb164608210dc8d894e40cd51N

  • Size

    63KB

  • Sample

    241012-hctqpsybrc

  • MD5

    827557ad2bf9511c705eba0afe552b10

  • SHA1

    5cd4c3ac6fcbe1b8594c5ae1118c5f3c2d5b36ea

  • SHA256

    fe1adf344ac2df1a30b8016032d5560606d343bbb164608210dc8d894e40cd51

  • SHA512

    755b7ce99204725e2ac4f06e871cd9bc9f62f79b564bc3f3a8df62fb5dab9dc51aa4bf085c8a447467c4fe37c3474fe4c18c4329b3505ccc3101719bacb79199

  • SSDEEP

    1536:wPcEijDQJzm4NgdZ4fSwZ23lTwCl+VGEn9rjDHE:wPej0JabCSwwp1oGk9DHE

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      fe1adf344ac2df1a30b8016032d5560606d343bbb164608210dc8d894e40cd51N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
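The hashes and C2 URLs above are the indicators a responder would actually hunt with. The following is an added example, not code from tria.ge or from the report, that turns them into a small matcher: it hashes a file's bytes and reports which of the listed digests it equals, and it walks proxy log lines looking for requests to the listed C2 URLs or to the same host on another path (which is worth flagging, since the report only shows two paths). The log format and the log lines are constructed for the example; the hash values and URLs are copied from the report. SSDEEP is left out because it needs a non-standard-library module.

```python
"""IOC matcher for the Berbew sample in the report above (added example)."""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report (family: berbew).
IOC_HASHES = {
    "md5": "827557ad2bf9511c705eba0afe552b10",
    "sha1": "5cd4c3ac6fcbe1b8594c5ae1118c5f3c2d5b36ea",
    "sha256": "fe1adf344ac2df1a30b8016032d5560606d343bbb164608210dc8d894e40cd51",
    "sha512": "755b7ce99204725e2ac4f06e871cd9bc9f62f79b564bc3f3a8df62fb5dab9dc5"
              "1aa4bf085c8a447467c4fe37c3474fe4c18c4329b3505ccc3101719bacb79199",
}
IOC_C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]
IOC_C2_HOSTS = {urlsplit(u).hostname for u in IOC_C2_URLS}
IOC_C2_PATHS = {urlsplit(u).path for u in IOC_C2_URLS}


def hash_file_bytes(data: bytes) -> dict:
    """Compute md5/sha1/sha256/sha512 hex digests of a byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in IOC_HASHES}


def matching_hashes(data: bytes) -> list:
    """Names of the algorithms whose digest of `data` equals the report's value.

    An empty list means the bytes are not this sample (a recompiled or
    repacked build would also miss here; use SSDEEP for near matches).
    """
    digests = hash_file_bytes(data)
    return [alg for alg, h in digests.items() if h == IOC_HASHES[alg].lower()]


def classify_url(url: str) -> str:
    """'exact' for a listed C2 URL, 'host' for the C2 host on another path,
    'none' for anything else. Host comparison is case-insensitive."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host not in IOC_C2_HOSTS:
        return "none"
    return "exact" if parts.path in IOC_C2_PATHS else "host"


def scan_proxy_log(lines) -> list:
    """Return (line_no, verdict, url) for every line that touches the C2 host.

    Assumed (constructed) log format: whitespace-separated fields with the
    requested URL in the last column, e.g. "<ts> <client_ip> <method> <url>".
    """
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if not fields:
            continue
        verdict = classify_url(fields[-1])
        if verdict != "none":
            hits.append((n, verdict, fields[-1]))
    return hits


# Constructed proxy log lines for illustration; not from the report.
SAMPLE_LOG = [
    "2024-10-12T10:00:01Z 10.0.0.15 GET http://example.com/index.html",
    "2024-10-12T10:00:05Z 10.0.0.15 GET http://tat-neftbank.ru/kkq.php",
    "2024-10-12T10:00:09Z 10.0.0.22 GET http://www.example.org/kkq.php",
    "2024-10-12T10:00:12Z 10.0.0.15 POST http://tat-neftbank.ru/wcmd.htm",
    "2024-10-12T10:00:20Z 10.0.0.31 GET http://TAT-NEFTBANK.RU/update.php",
]

if __name__ == "__main__":
    # Constructed bytes, so no hash will match; a real copy of the sample would.
    print("hash matches:", matching_hashes(b"not the sample"))
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("C2 hit:", hit)
```

Matching only the two listed paths would miss line 5 of the constructed log, which is why the matcher distinguishes a host-level hit from an exact URL hit rather than dropping it.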
