Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

a880eaf72c...8N.exe

windows7-x64

10

a880eaf72c...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a880eaf72c7b470c58d073770a880cd70240e41fa1ab7186a73d9b2129ded998N

  • Size

    364KB

  • Sample

    240930-kvxanawepr

  • MD5

    c98ecbd55b8ea5ff264bf090729df3c0

  • SHA1

    56cc4ee4ac7899046e72391ac79844aff7e337b8

  • SHA256

    a880eaf72c7b470c58d073770a880cd70240e41fa1ab7186a73d9b2129ded998

  • SHA512

    c9e87430af19f980ddad01a70b5798ea91dceeca81fcf8c95129fd1fd16c20640bc722f164d7bf490ec2f182170815557216f32f5511d9e7b03e9635d1f1f6de

  • SSDEEP

    6144:ydawLJisFj5tT3sFwJk7hDplcsFj5tT3sF:BMEs15tLsp1Dpis15tLs

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      a880eaf72c7b470c58d073770a880cd70240e41fa1ab7186a73d9b2129ded998N

    • Size

      364KB

    • MD5

      c98ecbd55b8ea5ff264bf090729df3c0

    • SHA1

      56cc4ee4ac7899046e72391ac79844aff7e337b8

    • SHA256

      a880eaf72c7b470c58d073770a880cd70240e41fa1ab7186a73d9b2129ded998

    • SHA512

      c9e87430af19f980ddad01a70b5798ea91dceeca81fcf8c95129fd1fd16c20640bc722f164d7bf490ec2f182170815557216f32f5511d9e7b03e9635d1f1f6de

    • SSDEEP

      6144:ydawLJisFj5tT3sFwJk7hDplcsFj5tT3sF:BMEs15tLsp1Dpis15tLs

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks