General

  • Target

    88817d870bcfe250193c45dd952ca612643655c48dc60862d6b121df1fbdeed7N

  • Size

    89KB

  • Sample

    241005-1g8pjayapg

  • MD5

    59b22b57f33ba0adf257f22f95f2bb40

  • SHA1

    d705f58fe836a62159328c866b6ea32c514fff35

  • SHA256

    88817d870bcfe250193c45dd952ca612643655c48dc60862d6b121df1fbdeed7

  • SHA512

    e77d1d9432f6e30ad6e39504a7d064da443cd07a9c45b25f91f6f428403841795c4df39368852bf485010a818e1cbe11f9a0ed4c93e4ae60fabc1bc2bea57888

  • SSDEEP

    1536:QfEzXFhfQ7f/NMfYWM1ZG6LmUjEYJLLeRQh3R+KRFR3RzR1URJrCiuiNj5QkMMWs:Qfog3NPWM1aIXMetjb5ZXUf2iuOj22lN

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      88817d870bcfe250193c45dd952ca612643655c48dc60862d6b121df1fbdeed7N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
