General

  • Target

    109c198bd603a0c4814e105dee9eb6a4317449815c18d53c7784233177cc9ecaN.exe

  • Size

    800KB

  • Sample

    241207-1153ra1rcn

  • MD5

    f73d2c9c76fdf91bda1c3d8984e02190

  • SHA1

    71b242785c40eca008c82563cae4c17889278140

  • SHA256

    109c198bd603a0c4814e105dee9eb6a4317449815c18d53c7784233177cc9eca

  • SHA512

    6056d4a36e5659bc14729b19c9c548670c7e1d046b6fde457a024827c1e24b7da406fda04bf7e7188eb4a2c7e11abcfff31c55d1d7322877cb0384b011959224

  • SSDEEP

    6144:s9kTRoSc7ksQO+zrWnAdUO+zrWnAdqjeOpKfduBX2QO+zrWnAdqjsqwK:EeGT/+zrWAl+zrWAI5KFum/+zrWAIAqJ

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks