Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ab41718f3f...bN.exe

windows7-x64

10

ab41718f3f...bN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab41718f3f2d503a77d6e8ae232c41d4b7685cfa03bf3363397a1d288460949bN

  • Size

    49KB

  • Sample

    240919-sjekgavdrc

  • MD5

    3bdef77fa6dafe988af3750c18ca9a00

  • SHA1

    e1a5aacd5cd09bc353c32cef52d9cfe63c2992ba

  • SHA256

    ab41718f3f2d503a77d6e8ae232c41d4b7685cfa03bf3363397a1d288460949b

  • SHA512

    818309aaae43f31cc2e8d9b7ab50793fb8fe22910468908d0e18d52f6e75ce7b051af4808d552632f5b6eb01061da53ba85f59f41476ca0eee6847020f617fa8

  • SSDEEP

    768:EmdZeBxZtrWvtOUw3lRGdJN5PlRJzFjjZWdyBGbQO/WIL+Y2Ted41HVafm+Y/1HN:EmOBbtry53jTPlR5FKyFO/12qCVEeuw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ab41718f3f2d503a77d6e8ae232c41d4b7685cfa03bf3363397a1d288460949bN

    • Size

      49KB

    • MD5

      3bdef77fa6dafe988af3750c18ca9a00

    • SHA1

      e1a5aacd5cd09bc353c32cef52d9cfe63c2992ba

    • SHA256

      ab41718f3f2d503a77d6e8ae232c41d4b7685cfa03bf3363397a1d288460949b

    • SHA512

      818309aaae43f31cc2e8d9b7ab50793fb8fe22910468908d0e18d52f6e75ce7b051af4808d552632f5b6eb01061da53ba85f59f41476ca0eee6847020f617fa8

    • SSDEEP

      768:EmdZeBxZtrWvtOUw3lRGdJN5PlRJzFjjZWdyBGbQO/WIL+Y2Ted41HVafm+Y/1HN:EmOBbtry53jTPlR5FKyFO/12qCVEeuw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks