Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

c0ea7e4453...2N.exe

windows7-x64

10

c0ea7e4453...2N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c0ea7e4453da1fbbee9de8d98097f949505bebeb3a72b0dec3a9c5e55325e6b2N

  • Size

    64KB

  • Sample

    241012-x8ezraxerc

  • MD5

    3dedd78b85869d6d9e2c791060c51ab0

  • SHA1

    fc1a0ef58f547a2905ab5c28b65e1c78889c2ddf

  • SHA256

    c0ea7e4453da1fbbee9de8d98097f949505bebeb3a72b0dec3a9c5e55325e6b2

  • SHA512

    09c2e78ffa73a1bbecde7cb5589f9e8d88aed9849cded860df0e6235282f30120fd20f69eca72e5d72de766d8a714c9d9e6e08a7a3b3d0e8eb2dbe8c534ef9d1

  • SSDEEP

    1536:dRpGqoUo2I7PtyxfxKZfG9YsdvsWyOrPFW2iwTbW:Lp3oUo2I7PUZxKZfQ/+XKFW2VTbW

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      c0ea7e4453da1fbbee9de8d98097f949505bebeb3a72b0dec3a9c5e55325e6b2N

    • Size

      64KB

    • MD5

      3dedd78b85869d6d9e2c791060c51ab0

    • SHA1

      fc1a0ef58f547a2905ab5c28b65e1c78889c2ddf

    • SHA256

      c0ea7e4453da1fbbee9de8d98097f949505bebeb3a72b0dec3a9c5e55325e6b2

    • SHA512

      09c2e78ffa73a1bbecde7cb5589f9e8d88aed9849cded860df0e6235282f30120fd20f69eca72e5d72de766d8a714c9d9e6e08a7a3b3d0e8eb2dbe8c534ef9d1

    • SSDEEP

      1536:dRpGqoUo2I7PtyxfxKZfG9YsdvsWyOrPFW2iwTbW:Lp3oUo2I7PUZxKZfQ/+XKFW2VTbW

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks