General

  • Target

    869dca0fae916b1ca591834568ce5b2577173aa0306143334fbdb2e3d706cd41N

  • Size

    92KB

  • Sample

    241014-q9rllssglp

  • MD5

    e41898d89e021917314a6cdee6e54770

  • SHA1

    560c76fbe15cb36cbdce936fbda6621708c95fbe

  • SHA256

    869dca0fae916b1ca591834568ce5b2577173aa0306143334fbdb2e3d706cd41

  • SHA512

    1f57e092ae91b3af9203c5dcbcf5df040d722240ac69e90497c8ab894edc4e7a55334b1bc599fae5298d4a471d2a7ad02209df3dca5c8a2933e69207dfec0f84

  • SSDEEP

    1536:7qal+5Xq75SeCELQwWALjRWs95I9n60CuFEsdFPmO6/nKQrUoR24HsUs:Ga95PLQwNLjrWn60C+EsdFuK6THsR

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
