General

  • Target: 7423051e0c9d969d98da7248abd2da3dc0d81bf03137891248afce95f56686a2N
  • Size: 62KB
  • Sample: 241008-2x4k7awbnr
  • MD5: 52fc8036f50d77316fe739554d1bfb50
  • SHA1: 4ea3d916d301f24c46ccc70206c3408ddc66e053
  • SHA256: 7423051e0c9d969d98da7248abd2da3dc0d81bf03137891248afce95f56686a2
  • SHA512: efda1cf7a8bd758c947ce29c776c65b9d942f2a4a1a558bce1f4cae7c8dd31be5f446437101e2476577750ca1b8a732d981cf0001cd1a7d3fb4b45b2ca76f659
  • SSDEEP: 1536:s5xJowzCtA/xwBQCFC9q3Nn8sy2ve8Cy:0Ya4HB+sxjve8

Malware Config

Extracted

Family: berbew

C2


Targets

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
