General

  • Target: 9ed3c3d72f73d620ac06b7018f3666a7b7ce012c6fa0c763c60bc8f5de855e50N
  • Size: 96KB
  • Sample: 240921-188hvaxcjd
  • MD5: 43765c9b3688c87faacd670fa34c6130
  • SHA1: c5a6fd55f07f112c7f319266d655fd44ca6a6e20
  • SHA256: 9ed3c3d72f73d620ac06b7018f3666a7b7ce012c6fa0c763c60bc8f5de855e50
  • SHA512: 6842ec51a75d042f0881a8a537215fff21c5e083c2fc62781b6edaac70c6abac0d76b2269fc17029ac61d245c2a6432a2acb024b7fe7e982589d8bed84523b0b
  • SSDEEP: 1536:os0PkacjJCBCY3gyGDlpbpvpY2JdNpXHkxmWHjhrUQVoMdUT+irF:BayUI7pJJJF3kxmWHjhr1Rhk

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 9ed3c3d72f73d620ac06b7018f3666a7b7ce012c6fa0c763c60bc8f5de855e50N

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks