General

  • Target

    e562ab6e4d624da7f9f4e4f9a839c623500b2fd687cf1667a024a470d7607f20N

  • Size

    89KB

  • Sample

    240927-kk7nmsxapa

  • MD5

    f50d84b43aa5e41a6302ad6da1ecb3e0

  • SHA1

    ded20872fc659bd1d49ac70ef00d9258dc95fe14

  • SHA256

    e562ab6e4d624da7f9f4e4f9a839c623500b2fd687cf1667a024a470d7607f20

  • SHA512

    9606cafd3177fd5c706fae4437ea899fde89608215656fdddb790f9412c7799ecd65803ee54a48f2a6ae43db47234da4b288a514beb835d587cb62b07611a6be

  • SSDEEP

    1536:15nF/qNXOlDOutn+NRrdVrgv6WIYQ+Avw4xn+RQ0uR+KRFR3RzR1URJrCiuiNj51:1VBqRWihNRhYQ+VteZjb5ZXUf2iuOj2s

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

Tasks