General

  • Target

    a194397b0bc9775c0ec35bbda91b8d84a616c1e3e187cbd4142e187d686b64a7N

  • Size

    304KB

  • Sample

    241003-kgpcwsxfrb

  • MD5

    c4601a0f6319ed1183440d1187a0aa90

  • SHA1

    82d5e9fa2f306b9b5d4879d4809202559b1e530f

  • SHA256

    a194397b0bc9775c0ec35bbda91b8d84a616c1e3e187cbd4142e187d686b64a7

  • SHA512

    7c5d98066d70fa8b56e796d4dba52d5be7adc1bd17c0dac2810a1487259a5017c09157426ace7f040450d63882a094fa1c8d7a06004b93725a14066ee37446ad

  • SSDEEP

    3072:g+J/Q7PifW2KbmPI3wibemejz+k5rD0LZSnulc0VP7SnHjg:nNQ7PivKbmoimEKIrD0Lu

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks