Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

1dc4ce530d...dN.exe

windows7-x64

10

1dc4ce530d...dN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1dc4ce530da63fbcad1123138256484b1ce8e7fda2dfd23550a8f942b9cd20fdN

  • Size

    250KB

  • Sample

    241015-aadbyashrc

  • MD5

    baf8e12eea2c052580452ddd2eb09a00

  • SHA1

    29f20673e1e96dd9b9242f0eac935a1fb7cbc087

  • SHA256

    1dc4ce530da63fbcad1123138256484b1ce8e7fda2dfd23550a8f942b9cd20fd

  • SHA512

    9af136e4249043121468e44423e38e4b01abd2643c85edf8ce686ffb9031f0018c31d7af62ea1671d47fa460def5f1900a63480e4f1c6b39b827c15f23ac781a

  • SSDEEP

    6144:2EWKVSvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:2nKJ

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      1dc4ce530da63fbcad1123138256484b1ce8e7fda2dfd23550a8f942b9cd20fdN

    • Size

      250KB

    • MD5

      baf8e12eea2c052580452ddd2eb09a00

    • SHA1

      29f20673e1e96dd9b9242f0eac935a1fb7cbc087

    • SHA256

      1dc4ce530da63fbcad1123138256484b1ce8e7fda2dfd23550a8f942b9cd20fd

    • SHA512

      9af136e4249043121468e44423e38e4b01abd2643c85edf8ce686ffb9031f0018c31d7af62ea1671d47fa460def5f1900a63480e4f1c6b39b827c15f23ac781a

    • SSDEEP

      6144:2EWKVSvCvfmZ7KRRRGBCvfmZ7KFpNlJTBCvfmZ7d:2nKJ

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks