Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

85d6b29bc5...5N.exe

windows7-x64

10

85d6b29bc5...5N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    85d6b29bc5dff6ac937faacaeb36f111b0122310ea07ca2e7c54fef141d1bc65N

  • Size

    128KB

  • Sample

    240921-ebnaratejr

  • MD5

    fa58d9374bee1c7d9431bdf4aa1053a0

  • SHA1

    29f98fcf8a19589f173acdda84bbc1de454b0c0b

  • SHA256

    85d6b29bc5dff6ac937faacaeb36f111b0122310ea07ca2e7c54fef141d1bc65

  • SHA512

    c9f17c15ee47e2bf03b72603a95cf2f6454089e1104c41e24fc98dc719d5825599e584b9cf16a9d3a6df27ea9e183678080ad136d68bbb976d48c3ba178c8330

  • SSDEEP

    3072:iTzzvNq5SM1SZmnhPUqCmUj9mL3FQo7fnEBctcp:iVzDjEL3FF7fPtc

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      85d6b29bc5dff6ac937faacaeb36f111b0122310ea07ca2e7c54fef141d1bc65N

    • Size

      128KB

    • MD5

      fa58d9374bee1c7d9431bdf4aa1053a0

    • SHA1

      29f98fcf8a19589f173acdda84bbc1de454b0c0b

    • SHA256

      85d6b29bc5dff6ac937faacaeb36f111b0122310ea07ca2e7c54fef141d1bc65

    • SHA512

      c9f17c15ee47e2bf03b72603a95cf2f6454089e1104c41e24fc98dc719d5825599e584b9cf16a9d3a6df27ea9e183678080ad136d68bbb976d48c3ba178c8330

    • SSDEEP

      3072:iTzzvNq5SM1SZmnhPUqCmUj9mL3FQo7fnEBctcp:iVzDjEL3FF7fPtc

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks