
General

  • Target: 7d61e3fc449475cbf23ed4947b5ccabf47d44712455efbdf2ae059298ec65dbe

  • Size: 96KB

  • Sample: 240921-1z6mwswglc

  • MD5: d65c7daa569ff2d11b5125f9916cf13e

  • SHA1: d424103cb6ed94272876428c65500123ac04c085

  • SHA256: 7d61e3fc449475cbf23ed4947b5ccabf47d44712455efbdf2ae059298ec65dbe

  • SHA512: f07feb19e0278d8de11c63e4515c9746f64d50364c07fea069f6b7fdecd429da5bfed39485de80eba95a7580e9ec1a36f34a32224dffb68905681379c0ba4c10

  • SSDEEP: 1536:TWlVUgk1mk1JFSTAVEerI0q6VUaiYFsX6IaG6duV9jojTIvjr:TW/Ugk4jxerySUa7KqIP6d69jc0v

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 7d61e3fc449475cbf23ed4947b5ccabf47d44712455efbdf2ae059298ec65dbe

    • Size: 96KB

    • MD5: d65c7daa569ff2d11b5125f9916cf13e

    • SHA1: d424103cb6ed94272876428c65500123ac04c085

    • SHA256: 7d61e3fc449475cbf23ed4947b5ccabf47d44712455efbdf2ae059298ec65dbe

    • SHA512: f07feb19e0278d8de11c63e4515c9746f64d50364c07fea069f6b7fdecd429da5bfed39485de80eba95a7580e9ec1a36f34a32224dffb68905681379c0ba4c10

    • SSDEEP: 1536:TWlVUgk1mk1JFSTAVEerI0q6VUaiYFsX6IaG6duV9jojTIvjr:TW/Ugk4jxerySUa7KqIP6d69jc0v

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks