Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

3e9fd9a31d...8N.exe

windows7-x64

10

3e9fd9a31d...8N.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e9fd9a31d044ce63c9bb8e6b9a1f98896cab4a3e85272fd95db132c0708a4c8N

  • Size

    128KB

  • Sample

    240930-rmbsbatepf

  • MD5

    8391bbc15924f7ac67412d9143274100

  • SHA1

    49c918d5924fe8684f8b6abba7aa83a9feef080b

  • SHA256

    3e9fd9a31d044ce63c9bb8e6b9a1f98896cab4a3e85272fd95db132c0708a4c8

  • SHA512

    984681f2e1d89aaa9e5d683c7c0a21b33ac0dce607af77dce5641b5d1cad9939db08e0c96bdcbd99cbe6ec5f21549e5aa78315a446e9118f8a2b411633a7425d

  • SSDEEP

    3072:nhN8V6AuM5sVBcVPmQkmTAaYmX3FQo7fnEBctcp:/iZ2cVbumX3FF7fPtc

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      3e9fd9a31d044ce63c9bb8e6b9a1f98896cab4a3e85272fd95db132c0708a4c8N

    • Size

      128KB

    • MD5

      8391bbc15924f7ac67412d9143274100

    • SHA1

      49c918d5924fe8684f8b6abba7aa83a9feef080b

    • SHA256

      3e9fd9a31d044ce63c9bb8e6b9a1f98896cab4a3e85272fd95db132c0708a4c8

    • SHA512

      984681f2e1d89aaa9e5d683c7c0a21b33ac0dce607af77dce5641b5d1cad9939db08e0c96bdcbd99cbe6ec5f21549e5aa78315a446e9118f8a2b411633a7425d

    • SSDEEP

      3072:nhN8V6AuM5sVBcVPmQkmTAaYmX3FQo7fnEBctcp:/iZ2cVbumX3FF7fPtc

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks