Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e8105e4ee0...8N.exe

windows7-x64

10

e8105e4ee0...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e8105e4ee06ab13b8a1fe6314ec4d170135daf228b5fc0d66e2c0830778f6538N.exe

  • Size

    45KB

  • Sample

    241208-ebt4as1lfw

  • MD5

    bd30886e69948272b9ef8b8500b2dd90

  • SHA1

    66d2c6af39ef504f3abc5d123024c5af811953f8

  • SHA256

    e8105e4ee06ab13b8a1fe6314ec4d170135daf228b5fc0d66e2c0830778f6538

  • SHA512

    83f051bda3ac57c9be48d89b6d3114cdf864eb4d67993a4cc66898ac6aea3a05f5953000453e1ab48868353fb9be23e92e10ac7e00fccdd72c358a5b5c0931b0

  • SSDEEP

    768:Jiz7EZB2mVlKkrIcshn4dtRo6lo2tPXzqdaMd0bRg4tP8bR0uy/1H5:JizwVlK8I4bR+SbRgdg

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e8105e4ee06ab13b8a1fe6314ec4d170135daf228b5fc0d66e2c0830778f6538N.exe

    • Size

      45KB

    • MD5

      bd30886e69948272b9ef8b8500b2dd90

    • SHA1

      66d2c6af39ef504f3abc5d123024c5af811953f8

    • SHA256

      e8105e4ee06ab13b8a1fe6314ec4d170135daf228b5fc0d66e2c0830778f6538

    • SHA512

      83f051bda3ac57c9be48d89b6d3114cdf864eb4d67993a4cc66898ac6aea3a05f5953000453e1ab48868353fb9be23e92e10ac7e00fccdd72c358a5b5c0931b0

    • SSDEEP

      768:Jiz7EZB2mVlKkrIcshn4dtRo6lo2tPXzqdaMd0bRg4tP8bR0uy/1H5:JizwVlK8I4bR+SbRgdg

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks