General

  • Target

    f5b19ce0c7cba9203e3d9aa20455f3442ffa3f877a3101d84a76930a4af05ead

  • Size

    52KB

  • Sample

    241014-gh24lazhpe

  • MD5

    5d6b4f36c2034c3893d9f04068e897bc

  • SHA1

    28e6381d224bf1ebbcf661c9fe882d99cee9573b

  • SHA256

    f5b19ce0c7cba9203e3d9aa20455f3442ffa3f877a3101d84a76930a4af05ead

  • SHA512

    6347cee09a0f47250ec2da626bc0cac5c4c1ed7340b965ddbe6ff17e218701f9d6ef03b71d3ab8e5da5825f71f7987e49cbcbb263e1bfa87a657f30d683acdca

  • SSDEEP

    768:aovK8xpxnk2K39n6+yujv0tfzkvaAfXz11oyGjOUSMy/1H5F/sUMABvKWe:lhvkjtn1jv017Av7rGKUSM49MAdKZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f5b19ce0c7cba9203e3d9aa20455f3442ffa3f877a3101d84a76930a4af05ead

    • Size

      52KB

    • MD5

      5d6b4f36c2034c3893d9f04068e897bc

    • SHA1

      28e6381d224bf1ebbcf661c9fe882d99cee9573b

    • SHA256

      f5b19ce0c7cba9203e3d9aa20455f3442ffa3f877a3101d84a76930a4af05ead

    • SHA512

      6347cee09a0f47250ec2da626bc0cac5c4c1ed7340b965ddbe6ff17e218701f9d6ef03b71d3ab8e5da5825f71f7987e49cbcbb263e1bfa87a657f30d683acdca

    • SSDEEP

      768:aovK8xpxnk2K39n6+yujv0tfzkvaAfXz11oyGjOUSMy/1H5F/sUMABvKWe:lhvkjtn1jv017Av7rGKUSM49MAdKZ

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
