Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

f59966dcaf...aN.exe

windows7-x64

10

f59966dcaf...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f59966dcafb203e8934ae367ca65985137accd559efa1a985a179d4681ea78faN

  • Size

    136KB

  • Sample

    240919-rk1nnatbkm

  • MD5

    cd3796f67ebe9504f4172eb33b02d860

  • SHA1

    d295685882a810bc8cc052e8cb81553bd15b2e88

  • SHA256

    f59966dcafb203e8934ae367ca65985137accd559efa1a985a179d4681ea78fa

  • SHA512

    bcd258bd5353dbebd5546b22b9eb98a30ea0c2f082fe7df35aa21983a581abe1aa4eace5a514beb975cc56af1e9bc0c55fb9cba158934320eaa6a3b8de957aa9

  • SSDEEP

    1536:MiOFEV0pNmk9h5Nz6/EeknQ1AQkk5eQfzkxer2bD4Qydgjz0cZ44mjD9r823FQ7N:MbK0pZOce1AQh7f0DtydBi/mjRrz3OT

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f59966dcafb203e8934ae367ca65985137accd559efa1a985a179d4681ea78faN

    • Size

      136KB

    • MD5

      cd3796f67ebe9504f4172eb33b02d860

    • SHA1

      d295685882a810bc8cc052e8cb81553bd15b2e88

    • SHA256

      f59966dcafb203e8934ae367ca65985137accd559efa1a985a179d4681ea78fa

    • SHA512

      bcd258bd5353dbebd5546b22b9eb98a30ea0c2f082fe7df35aa21983a581abe1aa4eace5a514beb975cc56af1e9bc0c55fb9cba158934320eaa6a3b8de957aa9

    • SSDEEP

      1536:MiOFEV0pNmk9h5Nz6/EeknQ1AQkk5eQfzkxer2bD4Qydgjz0cZ44mjD9r823FQ7N:MbK0pZOce1AQh7f0DtydBi/mjRrz3OT

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks