Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

486c56170f...82.exe

windows7-x64

10

486c56170f...82.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    486c56170f48d583049f8313939ab73432e186b8a8866691663979fdfecf3882

  • Size

    237KB

  • Sample

    241017-z7wbfszfkr

  • MD5

    b149fbe95575440e6205748282458f40

  • SHA1

    30b0d71c79d8c53f7731aa72874d83daed87419d

  • SHA256

    486c56170f48d583049f8313939ab73432e186b8a8866691663979fdfecf3882

  • SHA512

    bb10b881416a3e73e4873caf248d860ac13a36a8dc6dace751cd523bc8c492bc0b29f079d2f498eebf08a3b2dfb0d9c22850ea572861a037cb7563629c49c9cc

  • SSDEEP

    3072:6lI9n0OpFg97CAUbj8Nq75Sq4iqnAUUjE02ZoL9snKKq:6lGSCXj8U5ihYjEToZY8

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      486c56170f48d583049f8313939ab73432e186b8a8866691663979fdfecf3882

    • Size

      237KB

    • MD5

      b149fbe95575440e6205748282458f40

    • SHA1

      30b0d71c79d8c53f7731aa72874d83daed87419d

    • SHA256

      486c56170f48d583049f8313939ab73432e186b8a8866691663979fdfecf3882

    • SHA512

      bb10b881416a3e73e4873caf248d860ac13a36a8dc6dace751cd523bc8c492bc0b29f079d2f498eebf08a3b2dfb0d9c22850ea572861a037cb7563629c49c9cc

    • SSDEEP

      3072:6lI9n0OpFg97CAUbj8Nq75Sq4iqnAUUjE02ZoL9snKKq:6lGSCXj8U5ihYjEToZY8

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks