General

  • Target: 1e3fbee894a57b1f217cde583e642a98463cdb7210a8d8b4b42bebcf668f38d5N

  • Size: 112KB

  • Sample: 240930-e7hedayckl

  • MD5: f25191228fe068fadfe83cc1fdefadd0

  • SHA1: ec88cb35500e84b1c16a51f44210cbd386d14cec

  • SHA256: 1e3fbee894a57b1f217cde583e642a98463cdb7210a8d8b4b42bebcf668f38d5

  • SHA512: 9545bcbb6fe89bc2bf2b140755711ab414624af58168a9d8278056f326611d41d80eb4d54debb60ae336129145a28ef51edb7e8ed626adcd8ecf681e817ec5b8

  • SSDEEP: 1536:CeOpv5LV6nisuYwejikD0H7Yd91qq+luJfgR0H4ikRynlypv8LIuCseNIQ:Cjl5INwu0H7W1yg5w0H4+lc802eSQ

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 1e3fbee894a57b1f217cde583e642a98463cdb7210a8d8b4b42bebcf668f38d5N (hashes as listed under General)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
