General

  • Target

    75e59701076e99358483305d89d8edf5d5d71800d04ef136777fae668f9670a5.exe

  • Size

    63KB

  • Sample

    241222-sa4g8sskbk

  • MD5

    f953ef4c17e4e2ce76f07e98999f9297

  • SHA1

    f098c6859c73785afbd1b31f4219a79470e5fc0b

  • SHA256

    75e59701076e99358483305d89d8edf5d5d71800d04ef136777fae668f9670a5

  • SHA512

    a35f35396f19802bc33e4cfc0890e6de8c44527dbf7272032a79e3293323fc9870b66eb46ff59d87d179d107d3568c7ab1d245e43631cd42e3a592da51dcaf2c

  • SSDEEP

    1536:iwQq0zaZ5zvZiKPtd2X0ve62IY2x255rH1juIZok:iAvUKPtdC0v12IY24rH1juIZok

Malware Config

Extracted

Family

berbew

C2


Targets

    • Target

      75e59701076e99358483305d89d8edf5d5d71800d04ef136777fae668f9670a5.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
