Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

c4253e4e72...0N.exe

windows7-x64

10

c4253e4e72...0N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c4253e4e722e2dcced944c707d54665f963642bf67eea79eefd1315ac33a7400N

  • Size

    69KB

  • Sample

    241012-kkp4lawhjp

  • MD5

    36338a7839de24a6b55766ebdfb802a0

  • SHA1

    84de1600523fa8fb9d2d8a46e4aa9d0b78927d29

  • SHA256

    c4253e4e722e2dcced944c707d54665f963642bf67eea79eefd1315ac33a7400

  • SHA512

    e12001c4dfc96107fc0f60b6462a53db2ade0a36e27292d43ccbaa5effe1382aac483a000e2791629fad2b612fe3a5ca5020ee1d694eb57e1d531f1fff17f355

  • SSDEEP

    1536:2B1CsHzE7Dnj1zii1c7GvuGZfmaU3Nein/GFZCeDAyY:YCv7YAc7iZfmV3NFn/GFZC1yY

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      c4253e4e722e2dcced944c707d54665f963642bf67eea79eefd1315ac33a7400N

    • Size

      69KB

    • MD5

      36338a7839de24a6b55766ebdfb802a0

    • SHA1

      84de1600523fa8fb9d2d8a46e4aa9d0b78927d29

    • SHA256

      c4253e4e722e2dcced944c707d54665f963642bf67eea79eefd1315ac33a7400

    • SHA512

      e12001c4dfc96107fc0f60b6462a53db2ade0a36e27292d43ccbaa5effe1382aac483a000e2791629fad2b612fe3a5ca5020ee1d694eb57e1d531f1fff17f355

    • SSDEEP

      1536:2B1CsHzE7Dnj1zii1c7GvuGZfmaU3Nein/GFZCeDAyY:YCv7YAc7iZfmV3NFn/GFZC1yY

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks