
General

  • Target: a804cb1666db7e6a2c840eaf738cd71f6ecf8f2b950ec47b491146f8b90fb198N.exe
  • Size: 92KB
  • Sample: 241123-mjwk4asrhv
  • MD5: 552d8bb79b792c78e821c1ac2cfc1f80
  • SHA1: 2882b0b1958e1c531e92df54c73f929b21becbac
  • SHA256: a804cb1666db7e6a2c840eaf738cd71f6ecf8f2b950ec47b491146f8b90fb198
  • SHA512: 1c43861a7c2653f4da1d0ef75ece3bd6f5e2a4f85485c1433c1038c2cdd19f26e00c0e6bb17a22cf1154a46a2f396f6ce85be0404b6f851c94a1b65a7315051b
  • SSDEEP: 1536:OXEq82JQ8zdLj6APuHX9HzT7Qd9OyPFC/DQ6d+LdN3imnunGP+W:Wt8EV6AP+XBTQtPF8ydVbe4+W

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://f/wcmd.htm
    http://f/ppslog.php
    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets


    • Adds autorun key to be loaded by Explorer.exe on startup
    • Berbew (Berbew is a backdoor written in C++.)
    • Berbew family
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
