Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2543a0ec30...a1.exe

windows7-x64

10

2543a0ec30...a1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2543a0ec30e38c70b0f768351a64d1376737cbe01780c603a94cd4d449973ea1

  • Size

    704KB

  • Sample

    240919-xvyjyavgmg

  • MD5

    715f1b0a563839dac25d87fb0cbb86d0

  • SHA1

    d10664fb73ef781a619fb31a01971818e00dc832

  • SHA256

    2543a0ec30e38c70b0f768351a64d1376737cbe01780c603a94cd4d449973ea1

  • SHA512

    02e45043fc2e13270e2b4c072295bdeb2b219ffdabf8b99f2698f862114c4a7998dddbd84f754b20014606c6b31f62df684ab9ceb999b63aedf1d141ba0c71bd

  • SSDEEP

    12288:duaph2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsR4P377a20R0Z:duaph2kkkkK4kXkkkkkkkkhLX3a20R0Z

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      2543a0ec30e38c70b0f768351a64d1376737cbe01780c603a94cd4d449973ea1

    • Size

      704KB

    • MD5

      715f1b0a563839dac25d87fb0cbb86d0

    • SHA1

      d10664fb73ef781a619fb31a01971818e00dc832

    • SHA256

      2543a0ec30e38c70b0f768351a64d1376737cbe01780c603a94cd4d449973ea1

    • SHA512

      02e45043fc2e13270e2b4c072295bdeb2b219ffdabf8b99f2698f862114c4a7998dddbd84f754b20014606c6b31f62df684ab9ceb999b63aedf1d141ba0c71bd

    • SSDEEP

      12288:duaph2kkkkK4kXkkkkkkkkl888888888888888888nusMH0QiRLsR4P377a20R0Z:duaph2kkkkK4kXkkkkkkkkhLX3a20R0Z

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks