Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

93e4691c74...4N.exe

windows7-x64

10

93e4691c74...4N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    93e4691c745f9571d6c0a9b332da8d1f3ab9f5cf81365844fd82f148bf0406e4N

  • Size

    74KB

  • Sample

    240919-w5t4tstfnp

  • MD5

    3a07818b6fa9b6a8ee49d329224d9b70

  • SHA1

    98b30141a09661b9009c99de75fe0a7b99272eb4

  • SHA256

    93e4691c745f9571d6c0a9b332da8d1f3ab9f5cf81365844fd82f148bf0406e4

  • SHA512

    50ff7f42930c22286d462d2a5589373f336eeec191ec90f56d447ab53f01979699f9a914abc2eaf924227f5a47c956c0d4475edde49d8a84abe512fa53ca66c1

  • SSDEEP

    1536:BDe+bM56WmQ7QY1P4FbfW7uuv+BSuJRlCl4PH:BDK56WmOQY1P8K7Z+RRl+4PH

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      93e4691c745f9571d6c0a9b332da8d1f3ab9f5cf81365844fd82f148bf0406e4N

    • Size

      74KB

    • MD5

      3a07818b6fa9b6a8ee49d329224d9b70

    • SHA1

      98b30141a09661b9009c99de75fe0a7b99272eb4

    • SHA256

      93e4691c745f9571d6c0a9b332da8d1f3ab9f5cf81365844fd82f148bf0406e4

    • SHA512

      50ff7f42930c22286d462d2a5589373f336eeec191ec90f56d447ab53f01979699f9a914abc2eaf924227f5a47c956c0d4475edde49d8a84abe512fa53ca66c1

    • SSDEEP

      1536:BDe+bM56WmQ7QY1P4FbfW7uuv+BSuJRlCl4PH:BDK56WmOQY1P8K7Z+RRl+4PH

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks