General

  • Target

    1361c17cf0abb6af6ef0340a8106f85940595c2515a50eccd81186ac9d988965N.exe

  • Size

    448KB

  • Sample

    241207-1xxbfawmaz

  • MD5

    b7bbefec8309542b6ac7a55e694ac2b0

  • SHA1

    ebd68065c6efc6faf25b7960af2e111e4ff2fb8f

  • SHA256

    1361c17cf0abb6af6ef0340a8106f85940595c2515a50eccd81186ac9d988965

  • SHA512

    fcc5c77d683545e3a78b19a8942bb5fc3d10ea1448ba3821182e0187d89005997189db1cb5aa682554b43beb57a5b71397b1f7faba37695897063081bb58d396

  • SSDEEP

    6144:U5D0KIpqIZ/Nr+9ZiLUmKyIxLDXXoq9FJZCUmKyIxL:PpqAN+W32XXf9Do3

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
