Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f834fe2e74...9N.exe

windows7-x64

10

f834fe2e74...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f834fe2e74e2c772e4a8844a6137d3edb9ec71606da7caca303b99cb3a1a6679N

  • Size

    64KB

  • Sample

    240928-llff8aydrq

  • MD5

    d0848f6a89d43ca5ccc2ff14c4069080

  • SHA1

    7ae2f57aaa470ebfedf358357b90a018a8e74e8e

  • SHA256

    f834fe2e74e2c772e4a8844a6137d3edb9ec71606da7caca303b99cb3a1a6679

  • SHA512

    0351736f26d4426b71df217be39f9dcafa0bc47b509c4985ffe49fca2e93289deae14485726566b436ab005324ca8bb22ea0558cd30b70910b22eff7ffa3e3d9

  • SSDEEP

    1536:wmoZZ5EW2catNZtR7uUzstxgGWyErPFW2iwTbW:wRZZ6WZatNUUzEXoFW2VTbW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f834fe2e74e2c772e4a8844a6137d3edb9ec71606da7caca303b99cb3a1a6679N

    • Size

      64KB

    • MD5

      d0848f6a89d43ca5ccc2ff14c4069080

    • SHA1

      7ae2f57aaa470ebfedf358357b90a018a8e74e8e

    • SHA256

      f834fe2e74e2c772e4a8844a6137d3edb9ec71606da7caca303b99cb3a1a6679

    • SHA512

      0351736f26d4426b71df217be39f9dcafa0bc47b509c4985ffe49fca2e93289deae14485726566b436ab005324ca8bb22ea0558cd30b70910b22eff7ffa3e3d9

    • SSDEEP

      1536:wmoZZ5EW2catNZtR7uUzstxgGWyErPFW2iwTbW:wRZZ6WZatNUUzEXoFW2VTbW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks