General

  • Target: ea9bf5e3c7409a1c6a3a6ae3e87cf73eac501a6f5c7d85df1235937470d4f470N
  • Size: 565KB
  • Sample: 241006-pf37waxgnb
  • MD5: cdab30cef707353c37336a4af0e71c40
  • SHA1: 8c1f0ce17ac5aface7808ca295cc7b53339a9be0
  • SHA256: ea9bf5e3c7409a1c6a3a6ae3e87cf73eac501a6f5c7d85df1235937470d4f470
  • SHA512: 7f94b439dbed73348dc097a442e969869b877779859546f37a05f7fe8a354bcae62a0787ce51ff5569d22838ec8e85f18ca59d930cccad35d573980cc562c8e2
  • SSDEEP: 12288:w6NLbxvtuFjAh//+zrWAIAqWim/+zrWAI5KF8OX:w6NLBtuFjAh/mvFimm09OX

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: ea9bf5e3c7409a1c6a3a6ae3e87cf73eac501a6f5c7d85df1235937470d4f470N
    • Size: 565KB
    • MD5: cdab30cef707353c37336a4af0e71c40
    • SHA1: 8c1f0ce17ac5aface7808ca295cc7b53339a9be0
    • SHA256: ea9bf5e3c7409a1c6a3a6ae3e87cf73eac501a6f5c7d85df1235937470d4f470
    • SHA512: 7f94b439dbed73348dc097a442e969869b877779859546f37a05f7fe8a354bcae62a0787ce51ff5569d22838ec8e85f18ca59d930cccad35d573980cc562c8e2
    • SSDEEP: 12288:w6NLbxvtuFjAh//+zrWAIAqWim/+zrWAI5KF8OX:w6NLBtuFjAh/mvFimm09OX

    Signatures

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks