General

  • Target: 4303dad4cb3480590f2eee66f8fde1dc889a1c7fc0554a70490e4d72a8e62cd1N
  • Size: 96KB
  • Sample: 241010-ef37rsxaqh
  • MD5: f2ff2f96ede586a0f1646928ca290790
  • SHA1: 2c25cf0f19628c9c6a66841b434d264d1377ef1d
  • SHA256: 4303dad4cb3480590f2eee66f8fde1dc889a1c7fc0554a70490e4d72a8e62cd1
  • SHA512: 32173a7a974ad4c65e6b466d4d4a22a22e2311617d1eb49beb1aad7e95812420320887f500fb9d17d60eb045fe68aa7626660826090b3705e900b5ae52cb222f
  • SSDEEP: 1536:K9RQSUL4h0B5rGm6cPQ2m+r0RY+TCcdZB5RQ+/iSR5R45WtqV9R2R462izMg3R7o:O6JB5rf6AQk+TFZB5e+RHrtG9MW3+3lo

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 4303dad4cb3480590f2eee66f8fde1dc889a1c7fc0554a70490e4d72a8e62cd1N
    • Size: 96KB
    • MD5: f2ff2f96ede586a0f1646928ca290790
    • SHA1: 2c25cf0f19628c9c6a66841b434d264d1377ef1d
    • SHA256: 4303dad4cb3480590f2eee66f8fde1dc889a1c7fc0554a70490e4d72a8e62cd1
    • SHA512: 32173a7a974ad4c65e6b466d4d4a22a22e2311617d1eb49beb1aad7e95812420320887f500fb9d17d60eb045fe68aa7626660826090b3705e900b5ae52cb222f
    • SSDEEP: 1536:K9RQSUL4h0B5rGm6cPQ2m+r0RY+TCcdZB5RQ+/iSR5R45WtqV9R2R462izMg3R7o:O6JB5rf6AQk+TFZB5e+RHrtG9MW3+3lo

    Signatures:

    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew: Berbew is a backdoor written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks