General

  • Target: NEAS.d6753d432e8bbf052eea8a38f2ed7080.exe
  • Size: 3.9MB
  • Sample: 231021-1ehekabg92
  • MD5: d6753d432e8bbf052eea8a38f2ed7080
  • SHA1: e8aa766f71bc67d8d2705bb4dd3b56d78fe60846
  • SHA256: 1a315950e8fd47b98048ad681b08fab518752153845932fcd7f37aef514f3cb3
  • SHA512: 829f000c3b5b57ec4684aaa45da62a0a5bed822b2696f40f03db20753a96a973337b4341ee0e51a3105ae9c9ecf8904f4ee8d0e3121e462aa34dbcc3440e8a24
  • SSDEEP: 98304:fpC8Qlt0GnJMOWPClFdx6e0EALKWVTffZiPAcRq6jHjn6AzABM:fpC8MtFWPClFt

Malware Config

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Malware Backdoor - Berbew

      Berbew is a malware infection classified as a 'backdoor' Trojan. This malicious program's primary function is to cause chain infections: it can download and install additional malware such as other Trojans, ransomware, and cryptominers.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • XMRig Miner payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
