General

  • Target: bcec18d049d1964ca25224f89c0c813c416c80e7b00af7f4319b4604cef99173N
  • Size: 93KB
  • Sample: 241001-3xcm5s1ang
  • MD5: 9367bfd38166cfde02b7629e7cf60be0
  • SHA1: 363c5a371f9c3d04fb3ceca320a4b4bc654a9945
  • SHA256: bcec18d049d1964ca25224f89c0c813c416c80e7b00af7f4319b4604cef99173
  • SHA512: b1039cbf4387e819bbca59ebdf88f138303106c59d9c91230f4ed54afe220d012d6c84d7342efebd969886e8762493b949fabcfeac47ff159a18deb0e530fa5a
  • SSDEEP: 1536:fv8kmrIbcQ+WuhHp3iUwQ+HaLudSG+g1nvZ1/qKZ7wesWwufga13PJcTqjiwg58:fIIbcVhKaLudSG+2nvZ1iKZ9xfr/WaY6

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15