General

  • Target: 6d650bde3b47be745c0ef7b2e760d166b55a09dc6caa13331423eb65c32cf8c7N
  • Size: 448KB
  • Sample: 241014-22rr7avdpj
  • MD5: 5d32c28c082f30034a964d88f3751e90
  • SHA1: 08ff8e60961ea306ed48f6db5080f40255e24c46
  • SHA256: 6d650bde3b47be745c0ef7b2e760d166b55a09dc6caa13331423eb65c32cf8c7
  • SHA512: eba5503d1a3e4e4f7108c1fbb9c789b980b114c8268ad71d46cb846cae92f63ae4c68eae8583b82d49248dde82cd9c20b91d7e771d9fdf35faba24e20a9e1828
  • SSDEEP: 6144:pEghm56s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nr0xuIKjyAH9SKG:aUd705kWM/9J6gqGBf/sAHZHbgdhgi

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://tat-neftbank.ru/kkq.php
    http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
