General

  • Target: 6389421bb18a937a202ca5438e15f590f871eb1eb9d30dacbca535441ae9970cN

  • Size: 80KB

  • Sample: 241010-a148caselg

  • MD5: fd9e1bb40b5b788cdfb82bb7d4bfb180

  • SHA1: 04063f52b97fee8abba07ee0cd4c6f125ac2a6df

  • SHA256: 6389421bb18a937a202ca5438e15f590f871eb1eb9d30dacbca535441ae9970c

  • SHA512: 6e8b6034cb3cf18dc05abeb9b394b46043880526d00d14143f37311e941de5778a22adc9b7cb472d668f8018367f448871c1703cd2ea86cee15e06032c73a16f

  • SSDEEP: 1536:CKS0/9cu5OX1NuspvueSf2dvi1SgdQ2aDbzgSTRePwXpJFeJuqnhCN:u0v5OTuAv1SedvjCU/ggePMJFeJLCN

Malware Config

Extracted

Family: berbew

C2:

  • http://f/wcmd.htm

  • http://f/ppslog.php

  • http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 6389421bb18a937a202ca5438e15f590f871eb1eb9d30dacbca535441ae9970cN

    • Size: 80KB

    • MD5: fd9e1bb40b5b788cdfb82bb7d4bfb180

    • SHA1: 04063f52b97fee8abba07ee0cd4c6f125ac2a6df

    • SHA256: 6389421bb18a937a202ca5438e15f590f871eb1eb9d30dacbca535441ae9970c

    • SHA512: 6e8b6034cb3cf18dc05abeb9b394b46043880526d00d14143f37311e941de5778a22adc9b7cb472d668f8018367f448871c1703cd2ea86cee15e06032c73a16f

    • SSDEEP: 1536:CKS0/9cu5OX1NuspvueSf2dvi1SgdQ2aDbzgSTRePwXpJFeJuqnhCN:u0v5OTuAv1SedvjCU/ggePMJFeJLCN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks