General

  • Target

    01889f6fc071d25c1107761ce08469d701f01b9e2307ece4177c244c11d3d55bN

  • Size

    52KB

  • Sample

    241013-vhwtgaxdjb

  • MD5

    7c4b6c2c6d4cf9451001f89df2dad030

  • SHA1

    b522aa1d90215458b656caa290c599892467b8d2

  • SHA256

    01889f6fc071d25c1107761ce08469d701f01b9e2307ece4177c244c11d3d55b

  • SHA512

    7f435bcd67b0601a289af3efdf83cc55bf1c65494171ab049f81af327db8fcae4e17869b8bf30018cb56159cb1a15284eec90f8241f618bd3c26f74a4c53913e

  • SSDEEP

    1536:xcQ0O21atWsNdee3OVMYbyv1yyyyyyyyP+ZVMAdKZ:gtaNuQY+4ZVMRZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
