Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

25f1d7e375...3N.exe

windows7-x64

10

25f1d7e375...3N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    25f1d7e375503fc53a1792fc07c491d8fbbafd568ddbc941799b346a3c12fd53N

  • Size

    96KB

  • Sample

    240930-1j7j9awfmp

  • MD5

    386df6be7c832f744506083fff2ee770

  • SHA1

    37da53a67c298d6e7f2352997b1fb97a0366c7ef

  • SHA256

    25f1d7e375503fc53a1792fc07c491d8fbbafd568ddbc941799b346a3c12fd53

  • SHA512

    380b610e68fca7508c3b75e5c7582facd9d45153143956eb4c9a2b116a158095baaf934e9798d501bd63b05a250bb61616dc45e16f3bc104a6b92945a1b45fd1

  • SSDEEP

    1536:hHHAB8TmJ1Rp/7pbtdeMzVNqP129j2LA/BOmsBCMy0QiLiizHNQNdq:hn7TmJ1LptdeoV2A9jT5OmkCMyELiAH9

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      25f1d7e375503fc53a1792fc07c491d8fbbafd568ddbc941799b346a3c12fd53N

    • Size

      96KB

    • MD5

      386df6be7c832f744506083fff2ee770

    • SHA1

      37da53a67c298d6e7f2352997b1fb97a0366c7ef

    • SHA256

      25f1d7e375503fc53a1792fc07c491d8fbbafd568ddbc941799b346a3c12fd53

    • SHA512

      380b610e68fca7508c3b75e5c7582facd9d45153143956eb4c9a2b116a158095baaf934e9798d501bd63b05a250bb61616dc45e16f3bc104a6b92945a1b45fd1

    • SSDEEP

      1536:hHHAB8TmJ1Rp/7pbtdeMzVNqP129j2LA/BOmsBCMy0QiLiizHNQNdq:hn7TmJ1LptdeoV2A9jT5OmkCMyELiAH9

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks