General

  • Target

    b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8bN

  • Size

    362KB

  • Sample

    241009-l3c3esxejp

  • MD5

    fde5b9f9dbd857f8efa2d50cc79a1cf0

  • SHA1

    0f2f669804d736e3761868c3abf0df67b1cb4ab3

  • SHA256

    b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8b

  • SHA512

    9cc918cf065106e9351759f31f21e388718d2656aa4fbced1d953537b3359b3695bdfefca9956869033f6ceafd71bb1e1a6441d219fc0ab43859df2f09abc435

  • SSDEEP

    6144:aIRXKKdDbqXWtGDuMEUrQVad7nG3mbDp2o+SsmiMyhtHEyr5psPc1aj8DOvlvuZn:ayHV2mtmuMtrQ07nGWxWSsmiMyh95r5z

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
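The third C2 entry is a printf-style template the bot fills in before it beacons, so a plain string match on the URL will never fire on live traffic. The following Python is an added example (not tria.ge or Berbew code) that turns the extracted config into a proxy-log check: it translates the format string into an anchored regex, classifies URLs by host, path and query shape, and also verifies that a file you hold matches the hashes in the General section. The proxy log lines are constructed, and treating each %s as a run of non-colon characters is an assumption about how the bot separates the fields.

```python
"""Turn the Berbew C2 config into a proxy-log check (added example; log lines constructed)."""
import hashlib
import re
from urllib.parse import urlsplit

C2_HOST = "viruslist.com"
# Paths from the extracted config: two fixed, one carrying a sprintf-filled query.
FIXED_PATHS = {"/wcmd.txt", "/ppslog.php"}
BEACON_PATH = "/piplog.php"
BEACON_FMT = "%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"

# Hashes copied from the report's General section.
REPORT_HASHES = {
    "md5": "fde5b9f9dbd857f8efa2d50cc79a1cf0",
    "sha1": "0f2f669804d736e3761868c3abf0df67b1cb4ab3",
    "sha256": "b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8b",
}

_SPEC = re.compile(r"%(?P<zero>0?)(?P<width>\d*)(?P<conv>[sdiu])")


def format_to_regex(fmt):
    """Translate a C printf format string into an anchored regex.

    %s is assumed to be a run of non-colon characters (the config uses ':' as
    the field separator); %09u / %02d enforce the zero-padded minimum width
    that sprintf produces, so a short or unpadded field does not match."""
    parts, pos = [], 0
    for m in _SPEC.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))
        conv, width = m.group("conv"), m.group("width")
        if conv == "s":
            parts.append(r"[^:]+")
        else:
            sign = "" if conv == "u" else "-?"
            parts.append(sign + (r"\d{%s,}" % width if width else r"\d+"))
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return "^" + "".join(parts) + "$"


BEACON_RE = re.compile(format_to_regex(BEACON_FMT))


def classify_url(url):
    """Return the C2 endpoint a URL hits, or None. Host alone is deliberately
    not enough: the path and, for piplog.php, the query shape must match too."""
    u = urlsplit(url)
    if u.scheme != "http" or u.hostname != C2_HOST:
        return None
    if u.path in FIXED_PATHS:
        return u.path
    if u.path == BEACON_PATH and BEACON_RE.match(u.query):
        return BEACON_PATH
    return None


# Constructed proxy log: epoch, client, method, URL, status.
SAMPLE_PROXY_LOG = """\
1728478820.101 client1 GET http://viruslist.com/wcmd.txt 200
1728478821.442 client1 GET http://viruslist.com/piplog.php?USER-PC:1:0:WinXP:000123456:5:14:02:09 200
1728478822.007 client2 GET http://viruslist.com/piplog.php?foo=bar 404
1728478823.310 client3 GET http://example.com/ppslog.php 200
"""


def scan_log(text):
    """Return (client, endpoint) pairs for every line that hits a C2 endpoint."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        endpoint = classify_url(fields[3])
        if endpoint:
            hits.append((fields[1], endpoint))
    return hits


def digests(data):
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data, expected):
    """True when every digest listed in the report matches the bytes you hold."""
    got = digests(data)
    return all(got[name] == value.lower() for name, value in expected.items())


if __name__ == "__main__":
    for client, endpoint in scan_log(SAMPLE_PROXY_LOG):
        print(f"{client} contacted C2 endpoint {endpoint}")
```

Only client1 is reported: the `foo=bar` query does not fit the beacon template and example.com is not the C2 host. Before trusting the indicators, run `matches_report()` on the sample you actually have against `REPORT_HASHES`; a repacked copy with the same name will fail that check.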

Targets

    • Target

      b7ba3de116ed0dc1e913f2144e810f4d98557a90d877311bb32d1f080bfd1a8bN

    • Adds autorun key to be loaded by Explorer.exe on startup

      This signature typically fires on a new value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad, whose CLSIDs Explorer.exe loads at every logon (ATT&CK T1547). On any host that contacts the C2 above, check that key and the InprocServer32 path of any unfamiliar CLSID it names.

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
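The four behavioural signatures above are only useful in isolation if you can tie them back to the same actor. The following Python is an added example (not tria.ge or Berbew code) that correlates Sysmon-style events so that a file dropped into System32 is flagged again when it is executed, when a CLSID's InprocServer32 is pointed at it, and when Explorer.exe or any other process loads it. The events, paths, value names and the all-zero CLSID are constructed placeholders, and the rule that only non-System32 parents count as droppers is an assumption to keep installers out of the results.

```python
"""Correlate drop, registry and load events into the behaviours the report lists
(added example; events below are constructed Sysmon-style JSON lines)."""
import json

SYSTEM32 = "c:\\windows\\system32\\"
# Autorun locations loaded by the shell or logon session. ShellServiceObjectDelayLoad
# values name CLSIDs whose InprocServer32 DLL explorer.exe loads at startup.
AUTORUN_KEYS = (
    "hklm\\software\\microsoft\\windows\\currentversion\\shellserviceobjectdelayload\\",
    "hklm\\software\\microsoft\\windows\\currentversion\\run\\",
    "hkcu\\software\\microsoft\\windows\\currentversion\\run\\",
)

# Constructed events (Sysmon IDs: 1 process create, 7 image load, 11 file create,
# 13 registry value set). File names and the CLSID are placeholders, not IOCs.
SAMPLE_EVENTS = r"""
{"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetFilename": "C:\\Windows\\System32\\Abcdefgh.exe"}
{"EventID": 11, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetFilename": "C:\\Windows\\System32\\Abcdefghij.dll"}
{"EventID": 11, "Image": "C:\\Windows\\System32\\msiexec.exe", "TargetFilename": "C:\\Windows\\System32\\benign.dll"}
{"EventID": 13, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetObject": "HKLM\\SOFTWARE\\Classes\\CLSID\\{00000000-0000-0000-0000-000000000000}\\InprocServer32\\(Default)", "Details": "C:\\Windows\\System32\\Abcdefghij.dll"}
{"EventID": 13, "Image": "C:\\Users\\user\\Desktop\\sample.exe", "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad\\Shell", "Details": "{00000000-0000-0000-0000-000000000000}"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\Abcdefgh.exe", "ParentImage": "C:\\Users\\user\\Desktop\\sample.exe"}
{"EventID": 7, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Windows\\System32\\Abcdefghij.dll"}
{"EventID": 7, "Image": "C:\\Windows\\explorer.exe", "ImageLoaded": "C:\\Windows\\System32\\shell32.dll"}
"""


def parse_events(text):
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def find_persistence(events):
    """Return (tag, actor, target) tuples in event order.

    Events are processed chronologically; a path only counts as 'dropped'
    once a non-System32 process has written it, so later execution or load
    of that path is attributed to the drop rather than treated as noise."""
    dropped = set()  # lower-cased paths written into System32 by user-land processes
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        image = ev.get("Image", "").lower()
        if eid == 11:
            target = ev["TargetFilename"].lower()
            # Assumption: writers already living in System32 (installers, servicing) are trusted.
            if target.startswith(SYSTEM32) and not image.startswith(SYSTEM32):
                dropped.add(target)
                alerts.append(("drops_file_in_system32", image, target))
        elif eid == 13:
            key = ev["TargetObject"].lower()
            data = ev.get("Details", "").lower()
            if key.startswith(AUTORUN_KEYS):
                alerts.append(("adds_autorun_key", image, ev["TargetObject"]))
            elif "\\inprocserver32" in key and data in dropped:
                alerts.append(("clsid_points_to_dropped_dll", image, data))
        elif eid == 1 and image in dropped:
            alerts.append(("executes_dropped_exe", ev.get("ParentImage", "").lower(), image))
        elif eid == 7:
            loaded = ev["ImageLoaded"].lower()
            if loaded in dropped:
                alerts.append(("loads_dropped_dll", image, loaded))
    return alerts


if __name__ == "__main__":
    for tag, actor, target in find_persistence(parse_events(SAMPLE_EVENTS)):
        print(f"{tag:28} {actor} -> {target}")
```

The msiexec write and Explorer's load of shell32.dll produce nothing, while the chain from the two drops through the CLSID registration, the SSODL value and Explorer loading the DLL is reported as six linked alerts. The same `dropped` set is what lets you answer the question the signatures above leave open: which specific file in System32 Explorer.exe is now loading.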
