General

  • Target

    b15cc35072b867f838d18e616b700ac13bfff3f3cd796786d515570fba500c34N

  • Size

    192KB

  • Sample

    241004-glrr2axgjj

  • MD5

    d6a6383e8545a0ac024fad55b64985d0

  • SHA1

    45224685dc758c45d8de651e7d057a37759711e5

  • SHA256

    b15cc35072b867f838d18e616b700ac13bfff3f3cd796786d515570fba500c34

  • SHA512

    dc7bbc3f8a50dcc66dac79e258815a3d42097faeb6477e1e3a257d5eba1e233d094641ebdd411388246d4754ca073e18ed3003b6b079b2b06077cf6a4c32ff91

  • SSDEEP

    3072:/S0+eiXvT0FRBm/fY6hxk3FQo7fnEBctcp/+wreVisp:/S8bDgHY6hxk3FF7fPtcsw6U2

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b15cc35072b867f838d18e616b700ac13bfff3f3cd796786d515570fba500c34N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks