General

  • Target: 62b5633b0e374d16d35f84601ac1200ec58c039fdf7fd6049948af57809752daN
  • Size: 90KB
  • Sample: 241010-bdrjeasgpd
  • MD5: ee010a4b052d71f39027826d25f55000
  • SHA1: 507a94f5a3d7d88d9a32c5345e82535db2dadce1
  • SHA256: 62b5633b0e374d16d35f84601ac1200ec58c039fdf7fd6049948af57809752da
  • SHA512: a20dbe4cea3c2083bbd611127e46678b05e0c46946183923e0e43d6b13d2df5b5b9ba4ce3bc49b0a4ac3356bce4862d076d7234559ffceb1cf500e42e42854e5
  • SSDEEP: 1536:b4ShGvO4vvIgCep52c4cgHaKX69Ps3uYCkQKGZu/Ub0VkVNK:b4ShCOi2eX2R/VVPPGZu/Ub0+NK

Malware Config

Extracted

Family: berbew

C2:

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 62b5633b0e374d16d35f84601ac1200ec58c039fdf7fd6049948af57809752daN
    • Size: 90KB
    • MD5: ee010a4b052d71f39027826d25f55000
    • SHA1: 507a94f5a3d7d88d9a32c5345e82535db2dadce1
    • SHA256: 62b5633b0e374d16d35f84601ac1200ec58c039fdf7fd6049948af57809752da
    • SHA512: a20dbe4cea3c2083bbd611127e46678b05e0c46946183923e0e43d6b13d2df5b5b9ba4ce3bc49b0a4ac3356bce4862d076d7234559ffceb1cf500e42e42854e5
    • SSDEEP: 1536:b4ShGvO4vvIgCep52c4cgHaKX69Ps3uYCkQKGZu/Ub0VkVNK:b4ShCOi2eX2R/VVPPGZu/Ub0+NK

    Signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
