Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

98de9e2c17...1a.exe

windows7-x64

10

98de9e2c17...1a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    98de9e2c17ecb5141aea0baea92abf4686504e239ccc7d081f827934251fe71a

  • Size

    264KB

  • Sample

    250308-e8c62s1zgt

  • MD5

    8ed848d03a3118d687e37b46abe4e878

  • SHA1

    c55f236d83ae838d0e4c636b34cd4b0037b1b559

  • SHA256

    98de9e2c17ecb5141aea0baea92abf4686504e239ccc7d081f827934251fe71a

  • SHA512

    4f545afd52f1f76bcb4dca42712aeac63b329c1e0acf8eac1330e5ea17f8c7415b9903e93f40999be54789e3124d75c4ea0c4703c9feef76ba4ebaa72e07e5d7

  • SSDEEP

    3072:2ifGaCL3m4is24ho1mtye3lFDrFDHZtO8jJkiUi8ChpBhx5Zd424ho1mtye3lFD6:20GxL3m4iBsFj5tPNki9HZd1sFj5tw

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      98de9e2c17ecb5141aea0baea92abf4686504e239ccc7d081f827934251fe71a

    • Size

      264KB

    • MD5

      8ed848d03a3118d687e37b46abe4e878

    • SHA1

      c55f236d83ae838d0e4c636b34cd4b0037b1b559

    • SHA256

      98de9e2c17ecb5141aea0baea92abf4686504e239ccc7d081f827934251fe71a

    • SHA512

      4f545afd52f1f76bcb4dca42712aeac63b329c1e0acf8eac1330e5ea17f8c7415b9903e93f40999be54789e3124d75c4ea0c4703c9feef76ba4ebaa72e07e5d7

    • SSDEEP

      3072:2ifGaCL3m4is24ho1mtye3lFDrFDHZtO8jJkiUi8ChpBhx5Zd424ho1mtye3lFD6:20GxL3m4iBsFj5tPNki9HZd1sFj5tw

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks