Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f10d807bf8...4N.exe

windows7-x64

10

f10d807bf8...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f10d807bf8c78a302649ef2b6032c799deafb7935d21d6e91ad8996d0e7ea2f4N

  • Size

    67KB

  • Sample

    241015-ctzqdszakf

  • MD5

    cd91b3963597137202990d1426d7d9f0

  • SHA1

    7f1d993e62ee5619174a14d219dcea5a976e8217

  • SHA256

    f10d807bf8c78a302649ef2b6032c799deafb7935d21d6e91ad8996d0e7ea2f4

  • SHA512

    0ce28fae3edb642f8f9278e7ed157a03594b6f012af8979d8c04a4d40fcb035285fd9e227159e4e04a1c89257fbb6665eb9bb1a2a364a4fa040547f4508bfb47

  • SSDEEP

    1536:BkFXWsMNfiEp+2sXFvd/Egqc2ssJifTduD4oTxw:WFXZEprINJd2ssJibdMTxw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      f10d807bf8c78a302649ef2b6032c799deafb7935d21d6e91ad8996d0e7ea2f4N

    • Size

      67KB

    • MD5

      cd91b3963597137202990d1426d7d9f0

    • SHA1

      7f1d993e62ee5619174a14d219dcea5a976e8217

    • SHA256

      f10d807bf8c78a302649ef2b6032c799deafb7935d21d6e91ad8996d0e7ea2f4

    • SHA512

      0ce28fae3edb642f8f9278e7ed157a03594b6f012af8979d8c04a4d40fcb035285fd9e227159e4e04a1c89257fbb6665eb9bb1a2a364a4fa040547f4508bfb47

    • SSDEEP

      1536:BkFXWsMNfiEp+2sXFvd/Egqc2ssJifTduD4oTxw:WFXZEprINJd2ssJibdMTxw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks