General

  • Target

    0402b194f8406d3c6c6be59d94a48aed9debc612fb443c376a25390c4d1601e5N

  • Size

    96KB

  • Sample

    240927-fd7b3syerd

  • MD5

    5f6bc7c6b639bcb3d7dd08e40531fef0

  • SHA1

    cbf39b5ffcbd007c8213be8d2043fb08493ef449

  • SHA256

    0402b194f8406d3c6c6be59d94a48aed9debc612fb443c376a25390c4d1601e5

  • SHA512

    aa67d0eb7d508590913b5373a1e900672d4c8101fa0db3caaac1aa0b95ff96286b5b565605c35dfa01334125165a4884d75d8dc293e0839fc9d065a5a86e4fda

  • SSDEEP

    1536:2QIAz1wBwzqMwWjxIyletQBh4OKEq3QlAKOYzI8wMggXKSSeootduV9jojTIvjrH:Jf7qMhjB4UhlKFDMxRtd69jc0vf

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
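The three C2 strings above are printf-style templates: the %s, %i, %09u and %02d conversions are filled in by the sample before the request is sent, so the strings cannot be matched literally against proxy or DNS logs. The Python below is an added example, not code from the Triage report or from the Berbew family itself: it turns each template into an anchored regular expression and runs it over a few constructed proxy log lines. It assumes that the host component f in the extracted strings is a placeholder filled in at runtime (so any host is accepted and the match keys on the path and query shape), that a %s field never contains whitespace or the ':' separator used in the template, and that the URL is the fourth whitespace-separated field of each log line. The log lines and the address 203.0.113.10 are constructed for the example.

```python
import re

# C2 URL templates exactly as they appear in the extracted config above.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion -> regex fragment.
# Assumption: a %s field never contains whitespace, ':' (the separator the
# template uses between fields) or '&'.
_CONV = {
    "s": r"[^\s:&]+",
    "i": r"-?\d+",
    "d": r"-?\d+",
    "u": r"\d+",
}
_SPEC = re.compile(r"%(\d*)([sidu])")


def template_to_regex(template):
    """Turn a printf-style URL template into a compiled, anchored regex.

    The host ('f' in the extracted strings) is assumed to be a placeholder
    that the sample fills in at runtime, so any host is accepted and the
    match keys on the scheme plus the path/query shape.
    """
    scheme, rest = template.split("://", 1)
    _host, _, path = rest.partition("/")
    parts = []
    pos = 0
    for m in _SPEC.finditer(path):
        parts.append(re.escape(path[pos:m.start()]))  # literal text between fields
        width, conv = m.groups()
        if width and conv in "du":
            # zero-padded numeric field such as %09u or %02d: the width is a
            # minimum, so accept that many digits or more
            parts.append(r"\d{%d,}" % int(width))
        else:
            parts.append(_CONV[conv])
        pos = m.end()
    parts.append(re.escape(path[pos:]))
    return re.compile(r"^%s://[^/\s]+/%s$" % (re.escape(scheme), "".join(parts)))


C2_PATTERNS = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def match_c2(url):
    """Return the template a URL was built from, or None if it matches none."""
    for template, rx in C2_PATTERNS:
        if rx.match(url):
            return template
    return None


def find_c2_hits(log_lines):
    """Scan proxy log lines (URL assumed to be the 4th whitespace-separated
    field) and return (line_number, url, template) for every C2-shaped URL."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        template = match_c2(fields[3])
        if template:
            hits.append((n, fields[3], template))
    return hits


# Constructed sample proxy log lines (not from the report): timestamp,
# client, method, URL, status. 203.0.113.10 is a documentation address.
SAMPLE_LOG = [
    "2024-09-27T10:00:01Z 10.0.0.5 GET http://203.0.113.10/wcmd.htm 200",
    "2024-09-27T10:00:02Z 10.0.0.5 GET http://203.0.113.10/piplog.php?WIN-ABC123:0:1:admin:000012345:7:10:00:02 200",
    "2024-09-27T10:00:03Z 10.0.0.7 GET http://example.com/index.php?id=3 200",
    "2024-09-27T10:00:04Z 10.0.0.5 POST http://203.0.113.10/ppslog.php 200",
    "2024-09-27T10:00:05Z 10.0.0.9 GET http://files.example.net/piplog.php 404",
]

if __name__ == "__main__":
    for n, url, template in find_c2_hits(SAMPLE_LOG):
        print("line %d: %s  <- %s" % (n, url, template))
```

Run as written, the scan flags lines 1, 2 and 4 of the constructed log. The padded conversions (%09u, %02d) are treated as minimum widths, which is what printf produces; the bare /piplog.php request on line 5 is deliberately not flagged because the template carries a query, so loosen template_to_regex to path-only matching if you want to catch truncated or probing requests as well.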

Targets

    • Target

      0402b194f8406d3c6c6be59d94a48aed9debc612fb443c376a25390c4d1601e5N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks