Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    527d08d7f876751a2833d898b31d9f551089a733f348618a5896c4470d063227N.exe

  • Size

    96KB

  • Sample

    241128-wcg9kavlgy

  • MD5

    1b5795b61300705eb5e54fb7418df100

  • SHA1

    03bbe91941984d5e2e06c7ac4f10216bd0fef13a

  • SHA256

    527d08d7f876751a2833d898b31d9f551089a733f348618a5896c4470d063227

  • SHA512

    721c0ee6695c1d5672d43da49ac04d9128d48ffcca268a4ccf74d32a0fc8ac1ff784e7830d82910681d4c478658d0dd2df59c0cf42e4eecc0be425359e0d03cb

  • SSDEEP

    1536:uILEaCaI0oCSzYSW5/Ta9QUSuBPC2Lq7RZObZUUWaegPYAi:uILmazSzYSW5baSUSuBXqClUUWae3

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://crutop.ru/index.php

http://mazafaka.ru/index.php

http://color-bank.ru/index.php

http://asechka.ru/index.php

http://trojan.ru/index.php

http://fuck.ru/index.php

http://goldensand.ru/index.php

http://filesearch.ru/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://lovingod.host.sk/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

http://promo.ru/index.htm

http://potleaf.chat.ru/index.htm

Targets

    • Target

      527d08d7f876751a2833d898b31d9f551089a733f348618a5896c4470d063227N.exe

    • Size

      96KB

    • MD5

      1b5795b61300705eb5e54fb7418df100

    • SHA1

      03bbe91941984d5e2e06c7ac4f10216bd0fef13a

    • SHA256

      527d08d7f876751a2833d898b31d9f551089a733f348618a5896c4470d063227

    • SHA512

      721c0ee6695c1d5672d43da49ac04d9128d48ffcca268a4ccf74d32a0fc8ac1ff784e7830d82910681d4c478658d0dd2df59c0cf42e4eecc0be425359e0d03cb

    • SSDEEP

      1536:uILEaCaI0oCSzYSW5/Ta9QUSuBPC2Lq7RZObZUUWaegPYAi:uILmazSzYSW5baSUSuBXqClUUWae3

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Brute Ratel C4

      A customized command and control framework for red teaming and adversary simulation.

    • Bruteratel family

    • Detect BruteRatel badger

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.