General

  • Target

    TrojanDownloader.Win32.Berbew.pz-8825ce4df446897bf40e59abc28a9af0c22e20a1c2d7d4c78a2556ec80132b0cN

  • Size

    94KB

  • Sample

    240916-taaqlawcle

  • MD5

    a77bd26d01479f313261fa4b76c65320

  • SHA1

    9244718549508d144cfa96466e1a108b21c9de24

  • SHA256

    8825ce4df446897bf40e59abc28a9af0c22e20a1c2d7d4c78a2556ec80132b0c

  • SHA512

    586d92615fda777788365aabdaf2667977f7c6cad2f6963ee2c6864855b464eec8af5c8833ab8d731d83d31de9d6830a357036b328403c8672cef1b9de402911

  • SSDEEP

    1536:QBD7oCrQ1JRUJQMQxoxbvxVNmmfjdViNbvbbPPPS2947BR9L4DT2EnINs:f3FPodUK5ViNbvbbPPPS2946+ob

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15