Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

360658ea9f...aN.exe

windows7-x64

10

360658ea9f...aN.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    360658ea9faae3db2f309fda2310f2abb9261d0a7117736a69ee5adb510c738aN

  • Size

    72KB

  • Sample

    241001-ha9n5svgnn

  • MD5

    ff90c9ad26990aa291a1b55902ea0960

  • SHA1

    32b6d3b1324a568020799a36e715d34686116ab7

  • SHA256

    360658ea9faae3db2f309fda2310f2abb9261d0a7117736a69ee5adb510c738a

  • SHA512

    5cc2f9f070b32cfa3ee133085d8ef4253db0a609cedcf505a5ea96922325e9efd1fd9d7b7914610180edf67bd14ae9422a82066fea5b57eed26ed6f119496921

  • SSDEEP

    1536:WsAwZIzfbpWPe7jr07cXsK0ix2pcitl7Jc7atJnr8GEW5ije8b:W3aIzfb0WXr0oXHB2dD7Jcathr8GE7z

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      360658ea9faae3db2f309fda2310f2abb9261d0a7117736a69ee5adb510c738aN

    • Size

      72KB

    • MD5

      ff90c9ad26990aa291a1b55902ea0960

    • SHA1

      32b6d3b1324a568020799a36e715d34686116ab7

    • SHA256

      360658ea9faae3db2f309fda2310f2abb9261d0a7117736a69ee5adb510c738a

    • SHA512

      5cc2f9f070b32cfa3ee133085d8ef4253db0a609cedcf505a5ea96922325e9efd1fd9d7b7914610180edf67bd14ae9422a82066fea5b57eed26ed6f119496921

    • SSDEEP

      1536:WsAwZIzfbpWPe7jr07cXsK0ix2pcitl7Jc7atJnr8GEW5ije8b:W3aIzfb0WXr0oXHB2dD7Jcathr8GE7z

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.