General

  • Target

    49cf35bf82b2c54df37d61eb9bbafba2400aef26c81b8423c6a92882e65b3838N

  • Size

    205KB

  • Sample

    240928-djsprswdrg

  • MD5

    babe3e257a95046f95f0317d09937970

  • SHA1

    def89a998803d02a45e59d5bc2fc05fab5780d9e

  • SHA256

    49cf35bf82b2c54df37d61eb9bbafba2400aef26c81b8423c6a92882e65b3838

  • SHA512

    3e331c87ad66e359476ef4681a9067900d3ffe77eec679d0b4b34f7a889a003cfb8e9e56b6620c091ea0e6959a05a18cfc4ba10fde408e7be76e06937a922486

  • SSDEEP

    6144:/6XDLR/Y1j1GyZ6YugQdjGG1wsKm6eBgdQbz:CZg1hGyXu1jGG1wsGeBg8

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      49cf35bf82b2c54df37d61eb9bbafba2400aef26c81b8423c6a92882e65b3838N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
