General

  • Target

    29691cd618cb47aa998d319ac61b929bc2562408749130b0e839e96717d0fefaN

  • Size

    59KB

  • Sample

    241012-kt7d8sxbpp

  • MD5

    3f385ed16b86f3f22a5055cba931be30

  • SHA1

    994d96383b8c99eb72784f2e672cac73ac04269b

  • SHA256

    29691cd618cb47aa998d319ac61b929bc2562408749130b0e839e96717d0fefa

  • SHA512

    c62f261f5cf0384c0232085b5acf768f58f5fec73eb7a0c00e74e21f73b7bc38a859d99b98f718ed17927cbfd43c54db5970f5806ca2a3b1e4052c0e967c255a

  • SSDEEP

    768:iZSXHUfJTMCDI3e1DuolFrZAiDdJXjoSILelvfsUJ4CBU4Z/1H5u5nf1fZMEBFEI:7XUfJ7MiuozrILcbXBTMNCyVso

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks