Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

e5a5fdd914...68.exe

windows7-x64

10

e5a5fdd914...68.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e5a5fdd914f305427980546343a6ad1e22aa2d20b791d28145f479c50f9aa968

  • Size

    320KB

  • Sample

    250305-n1sffaxxaz

  • MD5

    6bdd5c331b3f213d8b93be927971a240

  • SHA1

    49e35c580ef375dc012b61c2893b273db8458ca8

  • SHA256

    e5a5fdd914f305427980546343a6ad1e22aa2d20b791d28145f479c50f9aa968

  • SHA512

    23586651c73518e6fb0eb98b3f93be80b3ad7e3763c4d996c1f37d250ee7267693f2f164d9469320e952c2f621edf1588f3851b9ac9902ddc96bc2fccfd6e367

  • SSDEEP

    6144:iAb1udHUb6s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nJ:AN705kWM/9J6gqGBf/J

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      e5a5fdd914f305427980546343a6ad1e22aa2d20b791d28145f479c50f9aa968

    • Size

      320KB

    • MD5

      6bdd5c331b3f213d8b93be927971a240

    • SHA1

      49e35c580ef375dc012b61c2893b273db8458ca8

    • SHA256

      e5a5fdd914f305427980546343a6ad1e22aa2d20b791d28145f479c50f9aa968

    • SHA512

      23586651c73518e6fb0eb98b3f93be80b3ad7e3763c4d996c1f37d250ee7267693f2f164d9469320e952c2f621edf1588f3851b9ac9902ddc96bc2fccfd6e367

    • SSDEEP

      6144:iAb1udHUb6s21L7/s50z/Wa3/PNlP59ENQdgrb8X6SJqGaPonZh/nJ:AN705kWM/9J6gqGBf/J

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks