General

  • Target: 4790f326b7775b113b1b9fb2657c12c3f7f0bf7211fe9c8bd0bced768ba916b8N
  • Size: 94KB
  • Sample: 240921-av6h8awgjg
  • MD5: d157bbe9a4cf21aa817725e73f380cb0
  • SHA1: 233934a8e94ce14e85411e7c7362d57b347f380b
  • SHA256: 4790f326b7775b113b1b9fb2657c12c3f7f0bf7211fe9c8bd0bced768ba916b8
  • SHA512: 30e616f7d6736740a237fa00e9f099ea05eed936ddad831cda87a922ee1d1abbc1ecb03eaace98033493ff9b91fbbcf2ef8be9aaeba9b6d06701d1a96f035811
  • SSDEEP: 1536:FQD+95S/e1YJehoGVwS2/dYaLpRQDZRfRa9HprmRfRZ:Fi+9IMY4hVJ2/aaNeDZ5wkpv

Malware Config

Extracted

Family: berbew

C2:
  • http://viruslist.com/wcmd.txt
  • http://viruslist.com/ppslog.php
  • http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
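
The extracted config above is directly usable as network detection logic. The following is an added example, not code from the tria.ge report or from the Berbew sample: it takes the three C2 URLs as listed, converts the printf-style piplog template into a regex (each %s becomes a run of non-separator characters, each %i/%d/%u a digit run, and a zero-padded width such as %09u a minimum digit count), and runs the result over a few constructed proxy log lines. The log format, the sample beacon values and the idea of treating host-only hits as lower confidence than a full template match are assumptions for the demonstration; the report does not say what the nine beacon fields mean, so they are returned positionally. The hash check at the end uses the MD5/SHA1/SHA256 values from the report.

```python
# Added example (not from the tria.ge report): use the extracted Berbew C2
# config as detection logic. The three URLs and the hashes are from the
# report; the log format, log lines and beacon field values are constructed.
import hashlib
import re
from urllib.parse import urlparse

C2_HOST = "viruslist.com"
C2_COMMAND_URL = "http://viruslist.com/wcmd.txt"
C2_PPSLOG_URL = "http://viruslist.com/ppslog.php"
# printf-style beacon template exactly as extracted from the sample
C2_PIPLOG_FMT = "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"

# Hashes of the sample from the report, for file-level IOC matching.
SAMPLE_HASHES = {
    "md5": "d157bbe9a4cf21aa817725e73f380cb0",
    "sha1": "233934a8e94ce14e85411e7c7362d57b347f380b",
    "sha256": "4790f326b7775b113b1b9fb2657c12c3f7f0bf7211fe9c8bd0bced768ba916b8",
}

_CONVERSION = re.compile(r"%(?P<zero>0?)(?P<width>\d*)(?P<conv>[sdiu])")


def format_string_to_regex(fmt: str) -> "re.Pattern[str]":
    """Turn a printf-style C2 template into a compiled regex.

    Literal text is escaped; each conversion becomes a capture group:
      %s       -> run of non-separator characters (':' and whitespace excluded)
      %i / %d  -> optionally signed digits
      %u       -> unsigned digits
    A padded width such as %09u means "at least that many digits".
    """
    parts, pos = [], 0
    for m in _CONVERSION.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))
        width, conv = m.group("width"), m.group("conv")
        if conv == "s":
            parts.append(r"([^:\s]*)")
        else:
            sign = "" if conv == "u" else "-?"
            digits = r"\d{%s,}" % width if width else r"\d+"
            parts.append("(%s%s)" % (sign, digits))
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("".join(parts))


PIPLOG_RE = format_string_to_regex(C2_PIPLOG_FMT)


def classify_url(url: str):
    """Return (kind, captured_fields) for a URL, or None if it is not C2 traffic."""
    if url == C2_COMMAND_URL:
        return "command_fetch", ()
    if url == C2_PPSLOG_URL:
        return "ppslog", ()
    m = PIPLOG_RE.fullmatch(url)
    if m:
        return "piplog_beacon", m.groups()
    if urlparse(url).hostname == C2_HOST:
        # Same host but not one of the extracted paths: lower confidence.
        return "c2_host_other", ()
    return None


def scan_log(lines):
    """Constructed log format (assumption): '<timestamp> <src_ip> <method> <url> <status>'."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            _ts, src, _method, url, _status = line.split()
        except ValueError:
            continue  # malformed line: skip it rather than abort the scan
        result = classify_url(url)
        if result:
            kind, fields = result
            hits.append({"line": n, "src": src, "kind": kind, "fields": fields})
    return hits


def matching_hashes(data: bytes) -> set:
    """Names of the report's hashes that the given bytes match."""
    return {name for name, digest in SAMPLE_HASHES.items()
            if hashlib.new(name, data).hexdigest() == digest}


# Constructed proxy log lines (not real traffic) exercising each C2 URL.
LOG_LINES = [
    "2024-09-21T10:00:01Z 10.0.0.5 GET http://viruslist.com/wcmd.txt 404",
    "2024-09-21T10:00:03Z 10.0.0.5 GET "
    "http://viruslist.com/piplog.php?WIN-7PC:1:0:10.0.0.5:000012345:2:21:09:24 200",
    "2024-09-21T10:00:05Z 10.0.0.7 GET http://www.example.com/index.html 200",
    "2024-09-21T10:00:09Z 10.0.0.5 POST http://viruslist.com/ppslog.php 200",
    "2024-09-21T10:00:11Z 10.0.0.9 GET http://viruslist.com/piplog.php?garbage 200",
]

if __name__ == "__main__":
    for hit in scan_log(LOG_LINES):
        print(hit)
    print(matching_hashes(b"not the sample"))  # prints set()
```

Running the block flags four of the five constructed lines: the wcmd.txt fetch, the full piplog beacon with its nine fields captured, the ppslog request, and a host-only hit for the malformed piplog URL. Keep the host-only class separate when writing alerts: a full template match is strong evidence of this family, a bare hostname match only says the host was contacted.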

Targets

    • Target: 4790f326b7775b113b1b9fb2657c12c3f7f0bf7211fe9c8bd0bced768ba916b8N
    • Size: 94KB
    • MD5: d157bbe9a4cf21aa817725e73f380cb0
    • SHA1: 233934a8e94ce14e85411e7c7362d57b347f380b
    • SHA256: 4790f326b7775b113b1b9fb2657c12c3f7f0bf7211fe9c8bd0bced768ba916b8
    • SHA512: 30e616f7d6736740a237fa00e9f099ea05eed936ddad831cda87a922ee1d1abbc1ecb03eaace98033493ff9b91fbbcf2ef8be9aaeba9b6d06701d1a96f035811
    • SSDEEP: 1536:FQD+95S/e1YJehoGVwS2/dYaLpRQDZRfRa9HprmRfRZ:Fi+9IMY4hVJ2/aaNeDZ5wkpv

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
