General

  • Target

    b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8bN

  • Size

    362KB

  • Sample

    241009-l3c3esxejp

  • MD5

    fde5b9f9dbd857f8efa2d50cc79a1cf0

  • SHA1

    0f2f669804d736e3761868c3abf0df67b1cb4ab3

  • SHA256

    b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8b

  • SHA512

    9cc918cf065106e9351759f31f21e388718d2656aa4fbced1d953537b3359b3695bdfefca9956869033f6ceafd71bb1e1a6441d219fc0ab43859df2f09abc435

  • SSDEEP

    6144:aIRXKKdDbqXWtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZn:ayHV2mtmuMtrQ07nGWxWSsmiMyh95r5z

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
