General

  • Target: 61d8d67c7c5f7ceb72755764a877f9da0722164092a8bab4c27407ca1c28ffbeN
  • Size: 96KB
  • Sample: 240921-21gktsygpp
  • MD5: d245254216389eba1cca872c150c05d0
  • SHA1: 868bda768781bc0df087dd41da2081a3ad2cddb1
  • SHA256: 61d8d67c7c5f7ceb72755764a877f9da0722164092a8bab4c27407ca1c28ffbe
  • SHA512: e2b494f851d781266295306fa163a62a73c9251f39d6be115a52651cdf5605d7bb1ec73ede0840afb84bbea86a170be9629ec466f5e74efa615688ede3c3408d
  • SSDEEP: 1536:KJprAUHFIZFVNzZBLeGeD/UYLf5z4MXFFfUN1Avhw6JCMd:KJCUHFIZkYKjXFFfUrQlMW

Malware Config

Extracted

  • Family: berbew
  • C2:
      http://f/wcmd.htm
      http://f/ppslog.php
      http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 61d8d67c7c5f7ceb72755764a877f9da0722164092a8bab4c27407ca1c28ffbeN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15