Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

baaf974cf3...9e.exe

windows7-x64

10

baaf974cf3...9e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    baaf974cf38dd0f67eea39fc25621cc89d8e1efb4262cf4b60f065574d05a49e

  • Size

    67KB

  • Sample

    241013-cwh6esvbma

  • MD5

    666b4118da81c8570adf4e2a1b03e939

  • SHA1

    22c333fe9cd7bd1e5dce73a7d37190fc3a5e8d83

  • SHA256

    baaf974cf38dd0f67eea39fc25621cc89d8e1efb4262cf4b60f065574d05a49e

  • SHA512

    42195026d35a764a36b62d168df8a8f410a0edc1759eeabaf0179d3e5fecb7d2ea4b6f42c064c1f3622428f5aeda73d462bfed93c9fbc26b5b8af401ef56227f

  • SSDEEP

    1536:QeWXuKCsNwPEAlDVizds08wnCP2sJifTduD4oTxw:QeKxGXlwziP2sJibdMTxw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      baaf974cf38dd0f67eea39fc25621cc89d8e1efb4262cf4b60f065574d05a49e

    • Size

      67KB

    • MD5

      666b4118da81c8570adf4e2a1b03e939

    • SHA1

      22c333fe9cd7bd1e5dce73a7d37190fc3a5e8d83

    • SHA256

      baaf974cf38dd0f67eea39fc25621cc89d8e1efb4262cf4b60f065574d05a49e

    • SHA512

      42195026d35a764a36b62d168df8a8f410a0edc1759eeabaf0179d3e5fecb7d2ea4b6f42c064c1f3622428f5aeda73d462bfed93c9fbc26b5b8af401ef56227f

    • SSDEEP

      1536:QeWXuKCsNwPEAlDVizds08wnCP2sJifTduD4oTxw:QeKxGXlwziP2sJibdMTxw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks