Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

160987fb53...b6.exe

windows7-x64

10

160987fb53...b6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    160987fb535f2af7d07dd78e4841728fab1246737767b6b4489b40e8e57a23b6

  • Size

    64KB

  • Sample

    241222-yr9y8sxqdj

  • MD5

    f4f96433c1547d69fdef41ca38566193

  • SHA1

    427421753767f21b55db25400eca11fab456c2c1

  • SHA256

    160987fb535f2af7d07dd78e4841728fab1246737767b6b4489b40e8e57a23b6

  • SHA512

    15601d147f90c7c4204e8b9632fdb4e779157c6d09205b8e2eef9a78c6777a13c87608ac48c3f39383f200f84e1c3aa3bb4029a6722c75e11932a295cb362751

  • SSDEEP

    1536:P7pFaWM3h7bxpp4FNNNNNNNNNNNNNN+9RW4cUXruCHcpzt/Idn:jpRMtbfHTWzpFwn

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      160987fb535f2af7d07dd78e4841728fab1246737767b6b4489b40e8e57a23b6

    • Size

      64KB

    • MD5

      f4f96433c1547d69fdef41ca38566193

    • SHA1

      427421753767f21b55db25400eca11fab456c2c1

    • SHA256

      160987fb535f2af7d07dd78e4841728fab1246737767b6b4489b40e8e57a23b6

    • SHA512

      15601d147f90c7c4204e8b9632fdb4e779157c6d09205b8e2eef9a78c6777a13c87608ac48c3f39383f200f84e1c3aa3bb4029a6722c75e11932a295cb362751

    • SSDEEP

      1536:P7pFaWM3h7bxpp4FNNNNNNNNNNNNNN+9RW4cUXruCHcpzt/Idn:jpRMtbfHTWzpFwn

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks