General

  • Target: c9a3e152cc5fa3a72371eac327c8d92fd3cbf44f73493836a4e096f452379925
  • Size: 64KB
  • Sample: 241225-c8ad2svqfq
  • MD5: e59b2dae8a80075cf297092938d54b30
  • SHA1: 3779b206b8531b2e0c1909ce75bbaa001c35bb4a
  • SHA256: c9a3e152cc5fa3a72371eac327c8d92fd3cbf44f73493836a4e096f452379925
  • SHA512: 43ab0ef818a189a4e8da13c1a85c0c813ae5adf242343a7602dcc8f8b0c34a05ccbcdb4dd71ebad85b8358bf956d6934d88d5b8bd28a88c98793b487932a6238
  • SSDEEP: 1536:KNO8NVfZZ8FZG8uncCv88+7nBZYsIWyvrPFW2iwTbWv:Oz81Z7eX7FW2VTbWv

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15