General

  • Target

    01dad189e578b258d4496500b273466384c1694d4856dc914b080be513598092

  • Size

    305KB

  • Sample

    240929-wrpbesvank

  • MD5

    49b050a937c84a64241269310f85324f

  • SHA1

    0a27d77d22e66bd153e1ac5dd9d395c78ecf9632

  • SHA256

    01dad189e578b258d4496500b273466384c1694d4856dc914b080be513598092

  • SHA512

    3a56492926c5f902e57a45e229b6ce60fe436142e4ca13b2d496cc31c3037f8be8d8bc209ef181462386d6e0656b62adaa445cee21aec9499cd4dbbd317bed09

  • SSDEEP

    6144:IdWoxM2YNxunXe8yhrtMsQBvli+RQFdq:JoxMfvAO8qRMsrOQF

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
