General

  • Target

    054236aee19b83123883b77209b0b2ecb3cbbac961413a688eb9d21044f07e63N

  • Size

    464KB

  • Sample

    241001-y7rslasfng

  • MD5

    c6f4b16ff5d8ce65bfb9e95427106340

  • SHA1

    3d0068928469436b2cd109a7562403e8a979e0f7

  • SHA256

    054236aee19b83123883b77209b0b2ecb3cbbac961413a688eb9d21044f07e63

  • SHA512

    beb5eff17f7961cb7e3a3da10db00ee27e8d5d3821bfa301fb2e006532a2cc77cb36ac75838ba264f5eb388e7d46a2ce7e95bb30b5d12a1ecaf0fcf03b364011

  • SSDEEP

    12288:7ZgKah2kkkkK4kXkkkkkkkkl888888888888888888nusG:rah2kkkkK4kXkkkkkkkkK

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks