Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

749390bf2a...1a.exe

windows7-x64

10

749390bf2a...1a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    749390bf2aec6372a16987b55ed96f5477ed8c2fbe5810821e890df2b8a58f1a.exe

  • Size

    48KB

  • Sample

    250204-zm1ens1qhx

  • MD5

    39a64d180ebdeae29a0f9436583cb8e8

  • SHA1

    e98ca33f977f63ee80c23416b86d0abe695e2eaf

  • SHA256

    749390bf2aec6372a16987b55ed96f5477ed8c2fbe5810821e890df2b8a58f1a

  • SHA512

    162d2dc7795e37a327477dc03e35bcab7b6d6360a4e762e62ec297ce54a657baa5624ff5757b4c09860af9ba582399426f7e028ea22fcaff07062cdd8686e40e

  • SSDEEP

    1536:Ie1OBmZDZSsbbzWrgJhacZb6rBw2sD1siFcPJbEY3D7ZMKAcY7Dgj:Ie1OMZhbbzWrgJhacZb6rBwlD1siFcPN

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      749390bf2aec6372a16987b55ed96f5477ed8c2fbe5810821e890df2b8a58f1a.exe

    • Size

      48KB

    • MD5

      39a64d180ebdeae29a0f9436583cb8e8

    • SHA1

      e98ca33f977f63ee80c23416b86d0abe695e2eaf

    • SHA256

      749390bf2aec6372a16987b55ed96f5477ed8c2fbe5810821e890df2b8a58f1a

    • SHA512

      162d2dc7795e37a327477dc03e35bcab7b6d6360a4e762e62ec297ce54a657baa5624ff5757b4c09860af9ba582399426f7e028ea22fcaff07062cdd8686e40e

    • SSDEEP

      1536:Ie1OBmZDZSsbbzWrgJhacZb6rBw2sD1siFcPJbEY3D7ZMKAcY7Dgj:Ie1OMZhbbzWrgJhacZb6rBwlD1siFcPN

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks