General

  • Target

    6582ea96466235e7136069d8ca807da75e57f5253b4b3819a2216901ff01c08b

  • Size

    52KB

  • Sample

    241017-2kg7es1brb

  • MD5

    250acc942b8c3585894b51442a3bb205

  • SHA1

    5df9d1909546318eccf393c76b7884ee2ea23c04

  • SHA256

    6582ea96466235e7136069d8ca807da75e57f5253b4b3819a2216901ff01c08b

  • SHA512

    43f5264d691c39df39d2efa393bf52a1e0701326eda53c72d14a3c508bf38baca13573efce79e3c39aa47f025af50f1db2a2ee72e456f488da34ceba6307a07a

  • SSDEEP

    768:rergUkqu0+gtDMR3JtDiJrutH0dzOK/Grc5ITj0z/1H5F/s9MABvKWe:rr3KtNE3JirUWOKerc0j0lkMAdKZ

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      6582ea96466235e7136069d8ca807da75e57f5253b4b3819a2216901ff01c08b

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
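The report gives two kinds of indicators a responder can act on directly: the sample's file hashes (the dropped EXE and DLL can be hashed and compared against them) and the two C2 URLs on tat-neftbank.ru. The script below is an added example, not part of the Triage report or the sandbox's own tooling: it copies the hashes and URLs from the report into an IOC set, sweeps constructed Squid-style proxy log lines for C2 traffic (exact URL hits and any other request to the same host), and hashes file contents against the IOC set. The log lines, the log format and the file contents are constructed for illustration; only the indicators come from the page.

```python
"""IOC sweep for the Berbew sample in this report.

Added example, not part of the Triage report. The hashes and C2 URLs are
copied from the report; the proxy log lines and file contents below are
constructed for illustration.
"""
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
IOCS = {
    "md5": {"250acc942b8c3585894b51442a3bb205"},
    "sha1": {"5df9d1909546318eccf393c76b7884ee2ea23c04"},
    "sha256": {"6582ea96466235e7136069d8ca807da75e57f5253b4b3819a2216901ff01c08b"},
    "urls": {
        "http://tat-neftbank.ru/kkq.php",
        "http://tat-neftbank.ru/wcmd.htm",
    },
}

# Constructed proxy log (Squid-style: timestamp, client, status, method, url).
SAMPLE_PROXY_LOG = """\
1729200001.123 10.0.0.15 TCP_MISS/200 GET http://tat-neftbank.ru/wcmd.htm
1729200002.456 10.0.0.15 TCP_MISS/200 GET http://example.com/index.html
1729200003.789 10.0.0.22 TCP_MISS/404 POST http://tat-neftbank.ru/kkq.php
1729200004.000 10.0.0.31 TCP_MISS/200 GET http://tat-neftbank.ru/other.html
"""


def c2_hosts(iocs):
    """Hostnames taken from the C2 URLs, so the sweep also flags new paths on the same host."""
    return {urlsplit(u).hostname.lower() for u in iocs["urls"]}


def scan_proxy_log(text, iocs):
    """Return (client, url, reason) for each line whose URL matches an indicator.

    reason is "url" for an exact C2 URL hit and "host" for a request to the
    C2 host with a path the report does not list (worth a look, lower confidence).
    """
    hosts = c2_hosts(iocs)
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed or truncated line; skip rather than guess
        client, url = fields[1], fields[4]
        host = (urlsplit(url).hostname or "").lower()
        if url in iocs["urls"]:
            hits.append((client, url, "url"))
        elif host in hosts:
            hits.append((client, url, "host"))
    return hits


def digests(data):
    """MD5, SHA-1 and SHA-256 of a byte string, keyed the same way as the IOC set."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def match_hashes(data, iocs):
    """Names of the hash algorithms whose digest of `data` appears in the IOC set."""
    d = digests(data)
    return sorted(alg for alg in ("md5", "sha1", "sha256") if d[alg] in iocs[alg])


def sweep_files(files, iocs):
    """files: mapping path -> bytes (e.g. files collected from System32).

    Returns only the paths whose contents hash to a known indicator.
    """
    result = {}
    for path, data in files.items():
        matched = match_hashes(data, iocs)
        if matched:
            result[path] = matched
    return result


if __name__ == "__main__":
    for client, url, reason in scan_proxy_log(SAMPLE_PROXY_LOG, IOCS):
        print(f"{client} -> {url} ({reason})")
    # Constructed file contents: these will not match the report's hashes.
    print(sweep_files({"C:\\Windows\\System32\\example.dll": b"constructed"}, IOCS))
```

The host-level match is deliberately reported separately from the exact-URL match: a sample from the same family is likely to use other paths on the same C2 host, but a plain host hit is a lead rather than a confirmed detection. Hash matching is exact and therefore brittle against repacked variants; the SSDEEP value in the report is the indicator to use for fuzzy matching of near-identical builds.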
