Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

af1ab7885d...43.exe

windows7-x64

10

af1ab7885d...43.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af1ab7885d928633577312454d7242bcbd98c8aaeb418b39a42d9f05588bf743

  • Size

    363KB

  • Sample

    241015-d4skhasene

  • MD5

    e70e59123f6aaf1ff949a9c30bfadb11

  • SHA1

    3e228cdac1290d6f5370c596f3b45cb4c1eb9f67

  • SHA256

    af1ab7885d928633577312454d7242bcbd98c8aaeb418b39a42d9f05588bf743

  • SHA512

    6ca463a5a300f1a94bc2357a3fd9101ac8dfa17c3f85307cb991c01e9a9cbb26f5d89b459ee7d9b9ea1ce1288c43a7dae03da913d589fc284a3314e04a15285a

  • SSDEEP

    6144:+5VU5tTbVXksax8n5tTDUZNSN58VU5tT:wG5tP6sus5t6NSN6G5t

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      af1ab7885d928633577312454d7242bcbd98c8aaeb418b39a42d9f05588bf743

    • Size

      363KB

    • MD5

      e70e59123f6aaf1ff949a9c30bfadb11

    • SHA1

      3e228cdac1290d6f5370c596f3b45cb4c1eb9f67

    • SHA256

      af1ab7885d928633577312454d7242bcbd98c8aaeb418b39a42d9f05588bf743

    • SHA512

      6ca463a5a300f1a94bc2357a3fd9101ac8dfa17c3f85307cb991c01e9a9cbb26f5d89b459ee7d9b9ea1ce1288c43a7dae03da913d589fc284a3314e04a15285a

    • SSDEEP

      6144:+5VU5tTbVXksax8n5tTDUZNSN58VU5tT:wG5tP6sus5t6NSN6G5t

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks