General

  • Target

    43608c94d0e181736f36daffd550d691239d30bdbf8898cf921d241a26c371e7N

  • Size

    1.6MB

  • Sample

    240919-gzjnksvdlq

  • MD5

    c3ef906dfebf7f0ad5310de3bfc6f400

  • SHA1

    683c51d96f6e61f10a2d8981d957083a8e43e64b

  • SHA256

    43608c94d0e181736f36daffd550d691239d30bdbf8898cf921d241a26c371e7

  • SHA512

    416ea51c110ca979bc24a875cff538fdc63281f0de93ade8badea0f52d7df1258fa620803b4577a9e84b8bb4a9a71f4eceb0c09c9b5f2bf08f1ed8b26a41d085

  • SSDEEP

    24576:ftvr4B9f01ZmQvj4VznTKwe+xgq8/xMbO:ftkB9f0Vb4VznTKwenPf

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      43608c94d0e181736f36daffd550d691239d30bdbf8898cf921d241a26c371e7N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
