General

  • Target

    74f7679221608a6c1bfda40f7c4a8a4a96d4e3c0ad335acd67852cca6f76b0b0N

  • Size

    324KB

  • Sample

    240928-h3xkaatalq

  • MD5

    ab5d102b201b8c24722153d286edac20

  • SHA1

    1c5ae4f7ab40d71e338884f5d1a04c2c7c5ffe64

  • SHA256

    74f7679221608a6c1bfda40f7c4a8a4a96d4e3c0ad335acd67852cca6f76b0b0

  • SHA512

    80ab204dab5d50e2194a8fcba4e9262f897d72be272ca9ce3d0f1500bc0cb980ee6dbf02d8152de3149aa6268c54e02985ba00eba7e78eff8aabc7febde1b161

  • SSDEEP

    6144:qqTfq26pHStZO6zd5IF6rfBBcVPINRFYpfZvT6zAWq6JMf3us8ws:qqpp5IFy5BcVPINRFYpfZvTmAWqeMf3O

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      74f7679221608a6c1bfda40f7c4a8a4a96d4e3c0ad335acd67852cca6f76b0b0N
    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory