General

  • Target: 7434a431b1c84dc35170895430d20d5d5ccedf696c46386f43be07c896f8bd75N
  • Size: 448KB
  • Sample: 241009-bjvs1sxcjl
  • MD5: d9ac3a486b71ced8653e1e6d78deae10
  • SHA1: b38406497d2a8b9bc7aa29794c8371f68add375b
  • SHA256: 7434a431b1c84dc35170895430d20d5d5ccedf696c46386f43be07c896f8bd75
  • SHA512: 78cddac243978af40b42dae1e839ed3629277198a5fa8b1299fe78f425b2530165f3cdae04a9beae814970456a4c9956dd557e68ee0dea8d14976384d676a877
  • SSDEEP: 12288:O23whD3iGyXu1jGG1ws5iETdqvZNemWrsiLk6mqgt:fwlyGyXsGG1ws5ipt

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm
  • http://f/ppslog.php
  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 7434a431b1c84dc35170895430d20d5d5ccedf696c46386f43be07c896f8bd75N (hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks