General

  • Target

    0db45ea97bf0061afc0429ad2a5d04bc28a962039a230141bfe7cf058c835e73.exe

  • Size

    128KB

  • Sample

    241225-tza3naykbw

  • MD5

    72d8424f4eeafda60da03e404b77ee64

  • SHA1

    1b70728fd4d6d124da3f5b9a07a514793b64e212

  • SHA256

    0db45ea97bf0061afc0429ad2a5d04bc28a962039a230141bfe7cf058c835e73

  • SHA512

    1d4dff7e23b540fab19bb2a86fa3d8f749bb9d13b1768b06edfca246cc98ca459e6f1f933d54b8caa469cd483058515589e699868fa2b87ac27043ca1494c148

  • SSDEEP

    3072:c9hBnEdCDrFDHZtOgxBOXXwwfBoD6N3h8N5GA:OBnEdK5tTDUZNSN5z

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      0db45ea97bf0061afc0429ad2a5d04bc28a962039a230141bfe7cf058c835e73.exe

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
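The hashes, the two C2 URLs and the Explorer-loaded autorun signature above are the parts of this report an analyst actually acts on. The script below is an added example, not code from tria.ge or from the Berbew sample, that turns them into hunting and blocking material: it derives the C2 host from the extracted URLs, checks a file's digests against the report's hashes, matches proxy log lines on hostname (not substring, so look-alike hosts are not flagged), emits Suricata rules for the two C2 paths, and parses a `reg export` of the ShellServiceObjectDelayLoad key for values outside a baseline allowlist. The proxy log lines and the registry export are constructed sample input; that the "loaded by Explorer.exe on startup" signature refers to ShellServiceObjectDelayLoad, and that WebCheck is the only baseline entry there, are assumptions, not statements from the report.

```python
"""Triage helpers built from the Berbew report above (added example, not tria.ge code)."""
import hashlib
import re
from urllib.parse import urlparse

# Values copied from the report's General / Malware Config sections.
SAMPLE_HASHES = {
    "md5": "72d8424f4eeafda60da03e404b77ee64",
    "sha1": "1b70728fd4d6d124da3f5b9a07a514793b64e212",
    "sha256": "0db45ea97bf0061afc0429ad2a5d04bc28a962039a230141bfe7cf058c835e73",
}
C2_URLS = [
    "http://tat-neftbank.ru/kkq.php",
    "http://tat-neftbank.ru/wcmd.htm",
]

# Assumption: the signature "Adds autorun key to be loaded by Explorer.exe on startup"
# refers to this key; the allowlist is an assumed clean baseline (extend it from a known-good image).
SSODL_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
KNOWN_SSODL = {"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"}  # WebCheck

# Constructed sample input, not real logs: one benign request, two C2 hits, one look-alike host.
SAMPLE_PROXY_LOG = [
    "2024-12-25T10:00:01Z 10.0.0.12 GET http://www.example.com/index.html 200",
    "2024-12-25T10:00:07Z 10.0.0.12 GET http://tat-neftbank.ru/wcmd.htm 200",
    "2024-12-25T10:00:09Z 10.0.0.12 POST http://tat-neftbank.ru/kkq.php 200",
    "2024-12-25T10:00:15Z 10.0.0.13 GET http://nottat-neftbank.ru/ 200",
]

# Constructed `reg export` text; the second CLSID is a placeholder, not the sample's real value.
SAMPLE_REG_EXPORT = """Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"Example Loader"="{11111111-2222-3333-4444-555555555555}"
"""


def c2_hosts(urls=C2_URLS):
    """Lowercased, deduplicated hostnames from the extracted C2 URLs."""
    return sorted({urlparse(u).hostname.lower() for u in urls})


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a file's bytes, keyed like SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def matches_sample(data, known=SAMPLE_HASHES):
    """True if any digest of `data` equals a hash from the report (SHA256 is the one to trust)."""
    digests = hash_bytes(data)
    return any(digests[alg] == value for alg, value in known.items())


def hunt_proxy_log(lines, hosts=None):
    """Return log lines whose request URL is on a C2 host or one of its subdomains.

    Hostname comparison avoids substring false positives such as nottat-neftbank.ru.
    """
    hosts = hosts or c2_hosts()
    hits = []
    for line in lines:
        m = re.search(r"https?://\S+", line)
        if not m:
            continue
        host = (urlparse(m.group(0)).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in hosts):
            hits.append(line)
    return hits


def suricata_rules(urls=C2_URLS, sid_base=9000001):
    """One Suricata rule per C2 URL, matching Host header and URI path (Suricata 5+ sticky buffers)."""
    rules = []
    for i, u in enumerate(urls):
        p = urlparse(u)
        rules.append(
            'alert http $HOME_NET any -> $EXTERNAL_NET any '
            f'(msg:"Berbew C2 {p.hostname}{p.path}"; flow:established,to_server; '
            f'http.host; content:"{p.hostname}"; nocase; '
            f'http.uri; content:"{p.path}"; '
            f'classtype:trojan-activity; sid:{sid_base + i}; rev:1;)'
        )
    return rules


def unexpected_ssodl(reg_export, allow=KNOWN_SSODL):
    """Parse `reg export` text and return (value name, CLSID) pairs under SSODL not in the allowlist."""
    in_key, found = False, []
    for raw in reg_export.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == SSODL_KEY.lower()
            continue
        if in_key:
            m = re.match(r'"([^"]+)"="(\{[0-9A-Fa-f-]{36}\})"$', line)
            if m and m.group(2).upper() not in allow:
                found.append((m.group(1), m.group(2).upper()))
    return found


if __name__ == "__main__":
    print("C2 hosts:", c2_hosts())
    print("Proxy hits:", hunt_proxy_log(SAMPLE_PROXY_LOG))
    print("\n".join(suricata_rules()))
    print("Unexpected SSODL entries:", unexpected_ssodl(SAMPLE_REG_EXPORT))
```

The Suricata rules key on both `http.host` and `http.uri`, so a later re-use of the same host with a different path needs its own rule; if you only want a host-level block, a DNS or TLS SNI rule on `tat-neftbank.ru` is the simpler choice. For the registry check, generate the export on the host with `reg export` of the SSODL key and treat any CLSID missing from your own baseline as worth resolving through `HKCR\CLSID\{...}\InprocServer32` to see which DLL Explorer would load.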
