Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

9a996d4352...9d.exe

windows7-x64

10

9a996d4352...9d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9a996d4352325f8558c21a3bdaffee9965dd36498ace518de8c8f4d21b111c9d

  • Size

    45KB

  • Sample

    250308-f7yxsssmx2

  • MD5

    8ba166af3c93ae7eef2ea646dd3f1953

  • SHA1

    fe47b67ee60a813ff1f30f273fb407c6782139c7

  • SHA256

    9a996d4352325f8558c21a3bdaffee9965dd36498ace518de8c8f4d21b111c9d

  • SHA512

    a273f830751b1649a70394e3d68df294e0b7fd53132821e523d23d1149a1a7fc415741646deea85f8244230db945e72b93baf925d928a1d9dd2c05aee663d16a

  • SSDEEP

    768:87hfanrDlD1m4/YkJn8yV+80vCatGmunTr6K/1H5f:LBFNVbatGmO2Ql

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://tat-neftbank.ru/kkq.php

http://tat-neftbank.ru/wcmd.htm

Targets

    • Target

      9a996d4352325f8558c21a3bdaffee9965dd36498ace518de8c8f4d21b111c9d

    • Size

      45KB

    • MD5

      8ba166af3c93ae7eef2ea646dd3f1953

    • SHA1

      fe47b67ee60a813ff1f30f273fb407c6782139c7

    • SHA256

      9a996d4352325f8558c21a3bdaffee9965dd36498ace518de8c8f4d21b111c9d

    • SHA512

      a273f830751b1649a70394e3d68df294e0b7fd53132821e523d23d1149a1a7fc415741646deea85f8244230db945e72b93baf925d928a1d9dd2c05aee663d16a

    • SSDEEP

      768:87hfanrDlD1m4/YkJn8yV+80vCatGmunTr6K/1H5f:LBFNVbatGmO2Ql

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks