General

  • Target: 7ffb49e1fdd92c552fd24585848dcbe6abcaaf61347ac753397f81df88f78d3dN
  • Size: 1000KB
  • Sample: 241001-z34r2avbnd
  • MD5: f8ad292a08fa7c2e020ed6d9d91cf390
  • SHA1: 6f5f927bc3aa234ba6f01381332a83dd8f130d7e
  • SHA256: 7ffb49e1fdd92c552fd24585848dcbe6abcaaf61347ac753397f81df88f78d3d
  • SHA512: 14d7f298d4bd7500e0efa2e002c558e1468211744390c568fbf9273bee0ade7c8944e55614a7787b73717948f8f5a37b0eaa9fc9c55cce4b4ac84523ce056216
  • SSDEEP: 12288:qYnCBCtHBFLPj3TmLnWrOxNuxC97hFq9o7:qRCtHBFLPj368MoC9Dq9o7

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks