Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5eddf040ebafe2c04e3fbf2d43372cd01b8f7033072de0ecc108e055fde11f99

  • Size

    194KB

  • Sample

    241224-2mvkjazlcm

  • MD5

    f5f243f1c618171696524f64aae7f105

  • SHA1

    393a6ddbac0354a71443b0917fda82630c7c0abc

  • SHA256

    5eddf040ebafe2c04e3fbf2d43372cd01b8f7033072de0ecc108e055fde11f99

  • SHA512

    b5ffbc7791dbf811699ade7a87448f87aafa511ba5d394aee03b169e225212d1066a4c5ac1c0857f02cebddf0dcf2f9f2beac58fb8575d40e15c9a354b588e29

  • SSDEEP

    1536:9xPPHVFr6Oh3JQ28raReb0lZatMIM/5/KEatMIGuatMIc/zT4a5GV:D9FWmB8WgymMIM/kEmMIGumMIc/1GV

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      5eddf040ebafe2c04e3fbf2d43372cd01b8f7033072de0ecc108e055fde11f99

    • Size

      194KB

    • MD5

      f5f243f1c618171696524f64aae7f105

    • SHA1

      393a6ddbac0354a71443b0917fda82630c7c0abc

    • SHA256

      5eddf040ebafe2c04e3fbf2d43372cd01b8f7033072de0ecc108e055fde11f99

    • SHA512

      b5ffbc7791dbf811699ade7a87448f87aafa511ba5d394aee03b169e225212d1066a4c5ac1c0857f02cebddf0dcf2f9f2beac58fb8575d40e15c9a354b588e29

    • SSDEEP

      1536:9xPPHVFr6Oh3JQ28raReb0lZatMIM/5/KEatMIGuatMIc/zT4a5GV:D9FWmB8WgymMIM/kEmMIGumMIc/1GV

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks