General

  • Target

    f4aa717b264abd15ef06c7a450d246dce17e63b24d6bebbd764eb3fa6148991b

  • Size

    55KB

  • Sample

    241123-fym4yayqh1

  • MD5

    deb98316d52ae060c6e2827de4b800dd

  • SHA1

    d800a6ccb0f2073ca02435d24fdb36f29c63b267

  • SHA256

    f4aa717b264abd15ef06c7a450d246dce17e63b24d6bebbd764eb3fa6148991b

  • SHA512

    6067f59ce3d6db1dea2d3f225c8e2fc9e338dd27ee4e55b52584608d9b384ca2b7641f640b1f30a2698a20e82a69f89282ed612d3f98b1e594bfb3a02b1991b1

  • SSDEEP

    1536:6Ss5ciyr2/v9skn/m+KNSoNSd0A3shxD6:6Soy6/v+kn+dNXNW0A8hh

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
