Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    2f3bc60e86867d26e5164a764a8cf732366531b0988bc82ee674548938e8f538N

  • Size

    128KB

  • Sample

    241005-fzpdds1hqd

  • MD5

    e2713692041070ae40a2f5d814817d90

  • SHA1

    9cd3884a3f3635a7cd0926507fb3ccd083110c79

  • SHA256

    2f3bc60e86867d26e5164a764a8cf732366531b0988bc82ee674548938e8f538

  • SHA512

    cc2f68b4521a1f0ed97075b82810d6116c2879df6fa1524a51d197a36a896673409d580e43e1d0c07bfa731a0cecc3c33e3b0d98395a87266354d3ad2638f8bc

  • SSDEEP

    3072:ainmupiXHjYMq1neoeUlj9pui6yYPaI7DehizrVtN:Hpp1n4wpui6yYPaIGc

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      2f3bc60e86867d26e5164a764a8cf732366531b0988bc82ee674548938e8f538N

    • Size

      128KB

    • MD5

      e2713692041070ae40a2f5d814817d90

    • SHA1

      9cd3884a3f3635a7cd0926507fb3ccd083110c79

    • SHA256

      2f3bc60e86867d26e5164a764a8cf732366531b0988bc82ee674548938e8f538

    • SHA512

      cc2f68b4521a1f0ed97075b82810d6116c2879df6fa1524a51d197a36a896673409d580e43e1d0c07bfa731a0cecc3c33e3b0d98395a87266354d3ad2638f8bc

    • SSDEEP

      3072:ainmupiXHjYMq1neoeUlj9pui6yYPaI7DehizrVtN:Hpp1n4wpui6yYPaIGc

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks