General

  • Target

    cab1eb7bfaa85925cd2e745397fb3cdbf81ac1f07c8faef1312e2ffbec72ecb4

  • Size

    163KB

  • Sample

    241208-dmpsaavjhl

  • MD5

    d39af6e4a1ae7e7511f44fa11f256395

  • SHA1

    b77e248cb807fc4844c1072691603e2d394e9a4a

  • SHA256

    cab1eb7bfaa85925cd2e745397fb3cdbf81ac1f07c8faef1312e2ffbec72ecb4

  • SHA512

    0f41968072262bb17f2210963670a504f9bb01c215860a99e06ac43994e76a45ca080623089f3fb31e6e8dc41dabeedb7e6564be48d00cc5f97510efb734744c

  • SSDEEP

    1536:Oof6IR/mGd0Y+jVhyB/lz4qSylQtfeX90AtGRhKW+jujAEjh8DTL9GIvg/SylQ7j:OofH/mGgj3g9z4AYgnWAUjWDUIwLyc4F

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      cab1eb7bfaa85925cd2e745397fb3cdbf81ac1f07c8faef1312e2ffbec72ecb4

    • Size

      163KB

    • MD5

      d39af6e4a1ae7e7511f44fa11f256395

    • SHA1

      b77e248cb807fc4844c1072691603e2d394e9a4a

    • SHA256

      cab1eb7bfaa85925cd2e745397fb3cdbf81ac1f07c8faef1312e2ffbec72ecb4

    • SHA512

      0f41968072262bb17f2210963670a504f9bb01c215860a99e06ac43994e76a45ca080623089f3fb31e6e8dc41dabeedb7e6564be48d00cc5f97510efb734744c

    • SSDEEP

      1536:Oof6IR/mGd0Y+jVhyB/lz4qSylQtfeX90AtGRhKW+jujAEjh8DTL9GIvg/SylQ7j:OofH/mGgj3g9z4AYgnWAUjWDUIwLyc4F

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks