General

  • Target

    01d8ea9dc34510434922a568a8dc37e1a45d8c032879d125a878ab5e6b9580d7N

  • Size

    313KB

  • Sample

    241004-2s4emavgke

  • MD5

    ab8438bf6c20055280bf5c47d8ae4990

  • SHA1

    32acfa4dfcce8d11a7b700a764f4f57e73294b72

  • SHA256

    01d8ea9dc34510434922a568a8dc37e1a45d8c032879d125a878ab5e6b9580d7

  • SHA512

    77343870dabf7a31751ac202c79f6756e344d45c6038348563e291459a609d2092bf8b08861a562cb9af56eff18015332cbd63a560dec82e82193181663b1802

  • SSDEEP

    6144:fZZs6AEL96q/MMg+UmKyIxLDXXoq9FJZCUmKyIxLX:fZZtA8L32XXf9Do3+

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
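The third C2 string is not a literal URL but a printf-style template: the bot fills the %s/%i/%09u/%02d fields at runtime before sending the beacon. The example below is added here and is not part of the sandbox report; it translates each template into an anchored regular expression and runs it over a few constructed proxy log lines. It assumes the "f" host in the extracted strings is a stub left in place of the real server name, so matching is done on the URL path and query only and ignores the host. The log format, hosts and field values are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Beacon templates as extracted by the sandbox.  Only the path and query are
# kept: the "f" host in the report is assumed to be a stub for a runtime-filled
# server name, so matching is done on the URL path regardless of host.
BERBEW_TEMPLATES = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversions that appear in the templates: optional '0' flag,
# optional width, then the conversion character.
_CONV = re.compile(r"%(0?)(\d*)([sidu])")

def template_to_regex(template: str) -> re.Pattern:
    """Translate a printf-style URL template into an anchored regex.

    %s becomes a run of characters that cannot contain ':' (the field
    separator in this query string) or whitespace; %i/%d allow a sign; a
    zero-padded width (%09u, %02d) becomes an exact digit count.
    """
    out = []
    pos = 0
    for m in _CONV.finditer(template):
        out.append(re.escape(template[pos:m.start()]))
        _zero, width, conv = m.groups()
        digits = r"\d{%s}" % width if width else r"\d+"
        if conv == "s":
            out.append(r"[^:\s&]+")
        elif conv == "u":
            out.append(digits)
        else:  # i or d
            out.append("-?" + digits)
        pos = m.end()
    out.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(out) + "$")

# Constructed proxy log (not from the report): epoch, client, method, URL.
# Hosts are documentation addresses/names; the field values are invented.
SAMPLE_PROXY_LOG = """\
1728000000.101 10.0.0.12 GET http://203.0.113.7/piplog.php?WORKSTN-01:1:0:7601:000412345:2:10:04:22
1728000000.205 10.0.0.12 GET http://203.0.113.7/wcmd.htm
1728000001.300 10.0.0.30 GET http://intranet.example/ppslog.php
1728000002.000 10.0.0.12 GET http://203.0.113.7/piplog.php?abc
1728000003.000 10.0.0.44 GET http://www.example.com/index.html
"""

def match_beacons(log_text: str) -> list[tuple[str, str]]:
    """Return (template, log_line) pairs for every request whose path+query
    matches one of the beacon templates.  Lines with fewer than four fields
    are skipped."""
    compiled = [(t, template_to_regex(t)) for t in BERBEW_TEMPLATES]
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        parts = urlsplit(fields[3])
        path_query = parts.path + ("?" + parts.query if parts.query else "")
        for template, rx in compiled:
            if rx.match(path_query):
                hits.append((template, line))
                break
    return hits

if __name__ == "__main__":
    for template, line in match_beacons(SAMPLE_PROXY_LOG):
        print(f"[{template}] {line}")
```

On the constructed log this flags three lines. The piplog.php hit is the one worth acting on: a nine-digit zero-padded field followed by three two-digit fields is a distinctive shape. Bare /wcmd.htm and /ppslog.php paths are weak indicators on their own, as the constructed intranet line shows, and should be correlated with the destination host or the beaconing interval before alerting.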

Targets

    • Target

      01d8ea9dc34510434922a568a8dc37e1a45d8c032879d125a878ab5e6b9580d7N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
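The three signatures above describe a persistence chain: a DLL is dropped into System32 and a registry entry makes Explorer.exe load it at logon. The example below is added here and is not part of the sandbox report. It assumes the autorun location is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, whose CLSID entries Explorer instantiates at startup; the report itself does not name the key. It parses a constructed `reg export` of that key and the matching CLSID\InprocServer32 subkeys, resolves each entry to its DLL, and flags anything outside a small illustrative baseline. The second and third entries, their CLSIDs and the DLL name are invented for the example.

```python
import ntpath
import re

# Persistence location assumed for the "loaded by Explorer.exe on startup"
# signature.  Each value here names a CLSID that Explorer instantiates at logon.
SSODL_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
             r"\ShellServiceObjectDelayLoad")

# Illustrative allow-list of DLL basenames normally registered there.
# Not exhaustive: build the real one from a known-good image.
KNOWN_SSODL_DLLS = {"webcheck.dll", "wpdshserviceobj.dll"}

# Constructed `reg export` output (not from the report).  The second and third
# entries, their CLSIDs and qlxvztm.dll are invented for this example.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"Shell Extension Host"="{DEADBEEF-0000-4000-8000-000000000001}"
"Orphan"="{DEADBEEF-0000-4000-8000-000000000002}"

[HKEY_CLASSES_ROOT\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\InprocServer32]
@="C:\\Windows\\System32\\webcheck.dll"
"ThreadingModel"="Apartment"

[HKEY_CLASSES_ROOT\CLSID\{DEADBEEF-0000-4000-8000-000000000001}\InprocServer32]
@="C:\\Windows\\System32\\qlxvztm.dll"
"ThreadingModel"="Apartment"
'''

# "name"=data or @=data (default value); name may contain escaped quotes.
_VALUE_RE = re.compile(r'^(?:@|"((?:[^"\\]|\\.)*)")=(.*)$')

def parse_reg_export(text: str) -> dict[str, dict[str, str]]:
    """Parse .reg text into {key_path: {value_name: data}}; string values only."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue  # dword:/hex: values are not needed for this check
        name = "(Default)" if m.group(1) is None else m.group(1)
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            # .reg doubles backslashes and escapes quotes inside string data
            data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        keys[current][name] = data
    return keys

def resolve_ssodl(keys: dict[str, dict[str, str]]) -> list[dict[str, str]]:
    """Map every ShellServiceObjectDelayLoad entry to the DLL its CLSID names."""
    entries = []
    for name, clsid in keys.get(SSODL_KEY, {}).items():
        inproc = keys.get("HKEY_CLASSES_ROOT\\CLSID\\" + clsid + "\\InprocServer32", {})
        entries.append({"name": name, "clsid": clsid, "dll": inproc.get("(Default)", "")})
    return entries

def flag_suspicious(entries: list[dict[str, str]]) -> list[dict[str, str]]:
    """Flag entries with no server DLL or a DLL basename outside the baseline.

    A System32 path is deliberately NOT treated as reassuring: the sample
    drops its payload into System32 before registering it.
    """
    flagged = []
    for e in entries:
        base = ntpath.basename(e["dll"]).lower()
        if not base:
            flagged.append({**e, "reason": "CLSID has no InprocServer32 string path"})
        elif base not in KNOWN_SSODL_DLLS:
            flagged.append({**e, "reason": "DLL basename not in known-good baseline"})
    return flagged

if __name__ == "__main__":
    for e in flag_suspicious(resolve_ssodl(parse_reg_export(SAMPLE_REG_EXPORT))):
        print(f"[!] {e['name']!r} -> {e['clsid']} -> {e['dll'] or '<none>'}: {e['reason']}")
```

On a live host the input comes from `reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad" ssodl.reg` and `reg export HKCR\CLSID clsid.reg`; `reg export` writes UTF-16LE with a BOM, so read the files with `encoding="utf-16"` before concatenating them. Any flagged DLL should then be hashed and compared against the MD5/SHA1/SHA256 values listed in this report.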

MITRE ATT&CK Enterprise v15

Tasks