General

  • Target

    cf5e3fef39d7617d63d89b8d020fcdd2abff5d45c6e5af7252589eaf9cfdcbe9.exe

  • Size

    163KB

  • Sample

    241210-qvphps1rer

  • MD5

    7bc9c4c611c72b61f98fdbaf24a81ef7

  • SHA1

    be322b4f738bd301b2016f66b2c8d22219a4a53c

  • SHA256

    cf5e3fef39d7617d63d89b8d020fcdd2abff5d45c6e5af7252589eaf9cfdcbe9

  • SHA512

    d3edc2ed2a2eba8730f4cb5730383ee432beadcfccf310b48f36767c038f075e5bc7a472ac231d95f3c4469cf8100cf998278e9466c19a63530b4c19f1858e56

  • SSDEEP

    1536:PW92UtCPd5mMr9nzVGqhmGTMwNMslProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVUA:3UtWdoMJZhmmMsltOrWKDBr+yJbA

Malware Config

Extracted

Family

berbew

C2

http://crutop.nu/index.php

http://devx.nm.ru/index.php

http://ros-neftbank.ru/index.php

http://master-x.com/index.php

http://www.redline.ru/index.php

http://cvv.ru/index.php

http://hackers.lv/index.php

http://fethard.biz/index.php

http://crutop.ru/index.php

http://kaspersky.ru/index.php

http://color-bank.ru/index.php

http://adult-empire.com/index.php

http://virus-list.com/index.php

http://trojan.ru/index.php

http://xware.cjb.net/index.htm

http://konfiskat.org/index.htm

http://parex-bank.ru/index.htm

http://fethard.biz/index.htm

http://ldark.nm.ru/index.htm

http://gaz-prom.ru/index.htm

Extracted

Family

gozi

Targets

    • Target

      cf5e3fef39d7617d63d89b8d020fcdd2abff5d45c6e5af7252589eaf9cfdcbe9.exe

    • Size

      163KB

    • MD5

      7bc9c4c611c72b61f98fdbaf24a81ef7

    • SHA1

      be322b4f738bd301b2016f66b2c8d22219a4a53c

    • SHA256

      cf5e3fef39d7617d63d89b8d020fcdd2abff5d45c6e5af7252589eaf9cfdcbe9

    • SHA512

      d3edc2ed2a2eba8730f4cb5730383ee432beadcfccf310b48f36767c038f075e5bc7a472ac231d95f3c4469cf8100cf998278e9466c19a63530b4c19f1858e56

    • SSDEEP

      1536:PW92UtCPd5mMr9nzVGqhmGTMwNMslProNVU4qNVUrk/9QbfBr+7GwKrPAsqNVUA:3UtWdoMJZhmmMsltOrWKDBr+yJbA

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Brute Ratel C4

      A customized command and control framework for red teaming and adversary simulation.

    • Bruteratel family

    • Detect BruteRatel badger

    • Gozi

      Gozi is a well-known and widely distributed banking trojan.

    • Gozi family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
