General

  • Target

    39aba97bb257d5fd129afc022d9e7b772a2cd246c41554bfa2bd2baad651648cN

  • Size

    52KB

  • Sample

    241017-1mqqxa1erj

  • MD5

    6a4766fbcbf2b73bc10de90d5aa45490

  • SHA1

    1a755888c145be65c3e854fd31fde5d9b60fdfc2

  • SHA256

    39aba97bb257d5fd129afc022d9e7b772a2cd246c41554bfa2bd2baad651648c

  • SHA512

    187f774135db497af3c961fa93801c1f532d7c5c06637bae0c33e761b9395feaa6735ba09fe39a444308a3410c4f764565c00a40c6eed5454010feed94fca6eb

  • SSDEEP

    768:mT/LQxDl8DvgXNlcDp1ibv9wqt5lzJSySYudwsVMMMz2LvTnu1/1H5F/seMABvKZ:mT/L+QDkWqzr1S5dfVMMMzwSvXMAdKZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
