Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

812bd8e28e...9N.exe

windows7-x64

10

812bd8e28e...9N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    812bd8e28e28b2a1584f8260ade05355d8cbb60cc235b6755b20df9ae1cb5189N.exe

  • Size

    512KB

  • Sample

    241225-ydal8avjey

  • MD5

    a23cbaf92c5f67284076b1456af84110

  • SHA1

    0a08230a5f4f9392c842f3b565466194a4878428

  • SHA256

    812bd8e28e28b2a1584f8260ade05355d8cbb60cc235b6755b20df9ae1cb5189

  • SHA512

    b77efd03670dc719075ed6370753d9bbb96843e6f00c2674b8b256076c556a1760f1a3c49fe26e21c25a6ac1853c8f4052ac1a31f67558dcc25d972578e983e4

  • SSDEEP

    6144:SwdUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:GUG5t1sI5yl48pArv8o4L

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      812bd8e28e28b2a1584f8260ade05355d8cbb60cc235b6755b20df9ae1cb5189N.exe

    • Size

      512KB

    • MD5

      a23cbaf92c5f67284076b1456af84110

    • SHA1

      0a08230a5f4f9392c842f3b565466194a4878428

    • SHA256

      812bd8e28e28b2a1584f8260ade05355d8cbb60cc235b6755b20df9ae1cb5189

    • SHA512

      b77efd03670dc719075ed6370753d9bbb96843e6f00c2674b8b256076c556a1760f1a3c49fe26e21c25a6ac1853c8f4052ac1a31f67558dcc25d972578e983e4

    • SSDEEP

      6144:SwdUZP8VU5tTO/ENURQPTlyl48pArv8kEVS1aHr:GUG5t1sI5yl48pArv8o4L

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks