
General

  • Target

    d4127fe2b8a2d37307a08d60a6cdde944ea1e3433c053e95fabdc7c5120f3389N

  • Size

    368KB

  • Sample

    241009-sbq9asxejk

  • MD5

    dd62ef151138efa44a757b3e43aa6120

  • SHA1

    f32db86d16e4fdb766309e351835af0a5fe7bb7c

  • SHA256

    d4127fe2b8a2d37307a08d60a6cdde944ea1e3433c053e95fabdc7c5120f3389

  • SHA512

    7815efc82d972a6b4d6e3c025e549d00332ad38f9821d380c8a6843cee78117915325ad5a3467696fd32c0ec183cb40d6acd309ae2a30ef836f8beb1e14a10cd

  • SSDEEP

    6144:s/L6Ru6F0QO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwHlGrh/tOz:46q/+zrWAI5KFum/+zrWAIAqWiO

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d4127fe2b8a2d37307a08d60a6cdde944ea1e3433c053e95fabdc7c5120f3389N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
