General

  • Target

    1cd9dc3a7f762b234214d604d446f4eaa948c3113ac6d001d8c40f94afa5bcc1N.exe

  • Size

    71KB

  • Sample

    240925-r5n6csvaqa

  • MD5

    6f569c2af8e96280ef9f5f98c0e25800

  • SHA1

    7f8ddd68d4ad86924b40dffae51f7a0efa402fdb

  • SHA256

    1cd9dc3a7f762b234214d604d446f4eaa948c3113ac6d001d8c40f94afa5bcc1

  • SHA512

    c7a767a54c8c38c8f0a564d5e9a04d08dfb3f0dc54fd42d871647a26931306f21cf966b8a663d36a45c4354c6e0602fcfb676c58860d2e0bd7440035a4abb327

  • SSDEEP

    1536:aDGZmwgzRnqEDiBYaMpuMl2OiyRF4i0u7RQUDbEyRCRRRoR4Rk:aDGZmwaniBnMcSNiyRF4i0eeSEy032ya

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      1cd9dc3a7f762b234214d604d446f4eaa948c3113ac6d001d8c40f94afa5bcc1N.exe

    • Size

      71KB

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
