General

  • Target

    360658ea9faae3db2f309fda2310f2abb9261d0a7117736a69ee5adb510c738aN

  • Size

    72KB

  • Sample

    241001-ha9n5svgnn

  • MD5

    ff90c9ad26990aa291a1b55902ea0960

  • SHA1

    32b6d3b1324a568020799a36e715d34686116ab7

  • SHA256

    360658ea9faae3db2f309fda2310f2abb9261d0a7117736a69ee5adb510c738a

  • SHA512

    5cc2f9f070b32cfa3ee133085d8ef4253db0a609cedcf505a5ea96922325e9efd1fd9d7b7914610180edf67bd14ae9422a82066fea5b57eed26ed6f119496921

  • SSDEEP

    1536:WsAwZIzfbpWPe7jr07cXsK0ix2pcitl7Jc7atJnr8GEW5ije8b:W3aIzfb0WXr0oXHB2dD7Jcathr8GE7z

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      360658ea9faae3db2f309fda2310f2abb9261d0a7117736a69ee5adb510c738aN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks
