Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ad9db33d56...8N.exe

windows7-x64

10

ad9db33d56...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad9db33d56f2b2c8749e8048b5eb925956d93d8c4f9620dd41a90a3af3253838N

  • Size

    67KB

  • Sample

    241013-ae724staqr

  • MD5

    cd0a5ce0f43165bbc33b98b7d988fcb0

  • SHA1

    e7e75f36ae2f5721c6b312c371252e42a51b6b62

  • SHA256

    ad9db33d56f2b2c8749e8048b5eb925956d93d8c4f9620dd41a90a3af3253838

  • SHA512

    061097ff5de4636da377cfeb2afd97e4a870f7abcdc8669f80cf031f2e02f05f71c05ae785f79bbb1b2d97257e3ceb502edef62ea152f5dbe7fe0cf958ada242

  • SSDEEP

    1536:H33QTKWgKXTQDAAJPg14sJifTduD4oTxw:H33kgKXTWAAZg2sJibdMTxw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ad9db33d56f2b2c8749e8048b5eb925956d93d8c4f9620dd41a90a3af3253838N

    • Size

      67KB

    • MD5

      cd0a5ce0f43165bbc33b98b7d988fcb0

    • SHA1

      e7e75f36ae2f5721c6b312c371252e42a51b6b62

    • SHA256

      ad9db33d56f2b2c8749e8048b5eb925956d93d8c4f9620dd41a90a3af3253838

    • SHA512

      061097ff5de4636da377cfeb2afd97e4a870f7abcdc8669f80cf031f2e02f05f71c05ae785f79bbb1b2d97257e3ceb502edef62ea152f5dbe7fe0cf958ada242

    • SSDEEP

      1536:H33QTKWgKXTQDAAJPg14sJifTduD4oTxw:H33kgKXTWAAZg2sJibdMTxw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks