Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ef3682cc05...3N.exe

windows7-x64

10

ef3682cc05...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ef3682cc0554ece9320787b599b862baf45c07eb6a7eb70686c044b7599c2be3N

  • Size

    63KB

  • Sample

    241013-t7t6hawgkg

  • MD5

    a266346aaa29ce3df5b377b080e17950

  • SHA1

    b6baadb5378bb4db955806c6cb3c5a7e3176c44a

  • SHA256

    ef3682cc0554ece9320787b599b862baf45c07eb6a7eb70686c044b7599c2be3

  • SHA512

    2d0d1ac4af3a994fe1d0c3fcdc91897aa1eca4fd481f8a56d78bb32d6fcd55a36b8733323d598a2028377ef41340984198095bab3cb9c1780d6dff66184b3146

  • SSDEEP

    1536:eFeC0u9nPwlJlX/BwI4mNmA7e7Y3+V+En9rjDHE:eB0u1WHP+I45vY3o+k9DHE

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      ef3682cc0554ece9320787b599b862baf45c07eb6a7eb70686c044b7599c2be3N

    • Size

      63KB

    • MD5

      a266346aaa29ce3df5b377b080e17950

    • SHA1

      b6baadb5378bb4db955806c6cb3c5a7e3176c44a

    • SHA256

      ef3682cc0554ece9320787b599b862baf45c07eb6a7eb70686c044b7599c2be3

    • SHA512

      2d0d1ac4af3a994fe1d0c3fcdc91897aa1eca4fd481f8a56d78bb32d6fcd55a36b8733323d598a2028377ef41340984198095bab3cb9c1780d6dff66184b3146

    • SSDEEP

      1536:eFeC0u9nPwlJlX/BwI4mNmA7e7Y3+V+En9rjDHE:eB0u1WHP+I45vY3o+k9DHE

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks