Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    3343a5f16063f15f5d5519ba9224f077929f5217d21d027cf78dd762cae72183N

  • Size

    194KB

  • Sample

    241014-g43bgs1cqf

  • MD5

    08034ef179e9b1c79f1e66a771ac1770

  • SHA1

    10f102af6332a455f9397ad526af961978aa3408

  • SHA256

    3343a5f16063f15f5d5519ba9224f077929f5217d21d027cf78dd762cae72183

  • SHA512

    6f4887d208f04ae10ff36d382c63d4e729342ac08658b2dcf982e580a874eff441014af3ef74260356269236119405a9d718988ec08c3bec27edbc8567909069

  • SSDEEP

    6144:BuzIdOrEEEEF4/+vuOdSfUNRbCeKpNYxWlJ7mkD6pNY:w

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      3343a5f16063f15f5d5519ba9224f077929f5217d21d027cf78dd762cae72183N

    • Size

      194KB

    • MD5

      08034ef179e9b1c79f1e66a771ac1770

    • SHA1

      10f102af6332a455f9397ad526af961978aa3408

    • SHA256

      3343a5f16063f15f5d5519ba9224f077929f5217d21d027cf78dd762cae72183

    • SHA512

      6f4887d208f04ae10ff36d382c63d4e729342ac08658b2dcf982e580a874eff441014af3ef74260356269236119405a9d718988ec08c3bec27edbc8567909069

    • SSDEEP

      6144:BuzIdOrEEEEF4/+vuOdSfUNRbCeKpNYxWlJ7mkD6pNY:w

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks