Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

36dfdc5c4b...7N.exe

windows7-x64

10

36dfdc5c4b...7N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36dfdc5c4bc93498bac4188b9f7255dec5b5cfa54a9435a6b78312c1ab186f17N.exe

  • Size

    422KB

  • Sample

    241225-x646vstphx

  • MD5

    fa05af435c3fe8cdebe1cf875b175480

  • SHA1

    864081e04a72fc71c613c54acc0f63731bd1c958

  • SHA256

    36dfdc5c4bc93498bac4188b9f7255dec5b5cfa54a9435a6b78312c1ab186f17

  • SHA512

    90ca51304ab8605f353cc0b65960fec767f4cd4d4cbc4c0f74c42ca5987056bd02bfdf1119bf047cf4e66a3fcef6ee5d3748552fd3b4cb8aefa799eebad190ee

  • SSDEEP

    6144:O9hUrlhLbabO6FSPnvZU1AF+6FSPnvZhDYsKKo6FSPnvZU1AF+6FSPnvZq:IUjGaXgA4XfczXgA4XA

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      36dfdc5c4bc93498bac4188b9f7255dec5b5cfa54a9435a6b78312c1ab186f17N.exe

    • Size

      422KB

    • MD5

      fa05af435c3fe8cdebe1cf875b175480

    • SHA1

      864081e04a72fc71c613c54acc0f63731bd1c958

    • SHA256

      36dfdc5c4bc93498bac4188b9f7255dec5b5cfa54a9435a6b78312c1ab186f17

    • SHA512

      90ca51304ab8605f353cc0b65960fec767f4cd4d4cbc4c0f74c42ca5987056bd02bfdf1119bf047cf4e66a3fcef6ee5d3748552fd3b4cb8aefa799eebad190ee

    • SSDEEP

      6144:O9hUrlhLbabO6FSPnvZU1AF+6FSPnvZhDYsKKo6FSPnvZU1AF+6FSPnvZq:IUjGaXgA4XfczXgA4XA

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks