General

  • Target

    921e562eef7e9e9a14d5f8e927c5d981f7e8ef00f34cf25340c8d212d0c62b4fN

  • Size

    226KB

  • Sample

    241015-dae3bavclj

  • MD5

    f508f639be51a5c9f05409191c4407d0

  • SHA1

    92ee302cc66bd7e517954c4973ee7f7a18dc8a39

  • SHA256

    921e562eef7e9e9a14d5f8e927c5d981f7e8ef00f34cf25340c8d212d0c62b4f

  • SHA512

    b29af83f41b7fabf92d0d7913ef530cb5d72dc9566e172beed93d190848c4b1f9829864807be57d822bd24065887c5c3f5027f6de8e86853e29bc2d4555f5763

  • SSDEEP

    3072:l2W2OcyDKcWmjRvDKcpDKcWmjRrzNtQtjDKcWmjRrzNtb:l2acLxEtQtsEtb

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://tat-neftbank.ru/kkq.php

    http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      921e562eef7e9e9a14d5f8e927c5d981f7e8ef00f34cf25340c8d212d0c62b4fN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
