General

  • Target

    a35ff313187c380ac87e130c578b2b525334b8b2000cfb51e2d347e5175457cbN

  • Size

    790KB

  • Sample

    241001-2gv9waxenb

  • MD5

    bed08e50e7e1920a89f38ca85fb14f90

  • SHA1

    19108bd16afacc4f6bae141c922d75195cb62079

  • SHA256

    a35ff313187c380ac87e130c578b2b525334b8b2000cfb51e2d347e5175457cb

  • SHA512

    a579856cc13cb58d193bef50ee1feea958119764e54e40a8ac9b3d8b289303eaa594d2c47952c383ca2d639c5628820d19027185eac29ab50376dc754cf976c7

  • SSDEEP

    12288:o0G2Aq/FB24lwR4P87g7/VycgE81lgxaa79y:7LAq/PqoIlg17o

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      a35ff313187c380ac87e130c578b2b525334b8b2000cfb51e2d347e5175457cbN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
