General

  • Target

    ac602590858f3998293a4fc18a1e6c9384879eb68ebcffd2ac3cfcd9192f24f3N.exe

  • Size

    94KB

  • Sample

    240928-xjqd7ateqh

  • MD5

    b013fc51e0703e0476fc775478a4d610

  • SHA1

    58ce40aaa41f585c4459505ac7774e599b419f70

  • SHA256

    ac602590858f3998293a4fc18a1e6c9384879eb68ebcffd2ac3cfcd9192f24f3

  • SHA512

    a9a5a3f919b96b173a4df8aae2728f74db4cc21ae76effccd953b275868f9b49a09c3cc15b454ae9cbb8616265b56a6a3de6cb42091264e6f96ab9f7a7ddf13d

  • SSDEEP

    1536:UVOcEwNWsGPQv836vNz9R5eVJlL0pIsR6iKJNebATsKC0ilNqNTHlwAV1VkzOZhS:UVOlwFRvQ49R5cHSR4ZfrrVkO5Quv6+4

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
