General

  • Target: f47dfb056c15d38cd856922c5555a17a7f688eded585f08076b3b5ddd281dd7eN
  • Size: 93KB
  • Sample: 241009-ny3hmayanf
  • MD5: 8967d10f5256d2ef817fac83a71520c0
  • SHA1: 7c64d1b129a64e62372824a29c4001e0d7f0c1b6
  • SHA256: f47dfb056c15d38cd856922c5555a17a7f688eded585f08076b3b5ddd281dd7e
  • SHA512: cb4c9f67ee2047ba5fd427f481f6e5f8e7f45fb2505f3e43bd2e1be463175a7c3d1842dc4cc408b124aacc53f7accea951cb3bc167a0781c911da1a4cf1ad133
  • SSDEEP: 1536:lgwd1kH4URGgmdLASXNa8iC90v12LOyN3rSJ+sno0nEwosAHZTgjiwg58:Gwd1kYySXN3n90vILOyN3WJ+j0nS7Z0Z

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm
  • http://f/ppslog.php
  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: f47dfb056c15d38cd856922c5555a17a7f688eded585f08076b3b5ddd281dd7eN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks