General

  • Target

    dea0989f5b48f922f96a98e3be234bbacf458328c10c40b321d7ec383147a475N

  • Size

    104KB

  • Sample

    240919-lr2lmssgnl

  • MD5

    c4e4f02fae56eda3c0310c150e5c6f70

  • SHA1

    f8c889a8a9ab7cd2327e439f47ec8088afa21ac7

  • SHA256

    dea0989f5b48f922f96a98e3be234bbacf458328c10c40b321d7ec383147a475

  • SHA512

    1482e68e1691577d39f38e12f5d646bd5e05ed96a89c92a06a209a7eac08225693b9003914915513866ae3dbbd88f178c4749beb094ae6f01f8864b87b79eff8

  • SSDEEP

    1536:zHZLWvXBDIBgnvza1X+RQLVCiex1AycERsDNkYhkngiWDRm2RE5haZYDa9AARWQS:T+X9spse52x7cEGrhkngpDvchkqbAIQS

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dea0989f5b48f922f96a98e3be234bbacf458328c10c40b321d7ec383147a475N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
