Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    349ccb01a1e17e25c77fc7fc36d77ed8fb5ca8346e2bfc87924ce0e63e065475N.exe

  • Size

    74KB

  • Sample

    241207-2zgjfaymfw

  • MD5

    f0cb92b41230abe4ac8139266a5e08a0

  • SHA1

    e3a6d34178a2a8444f6975cae9943fc6a60443c8

  • SHA256

    349ccb01a1e17e25c77fc7fc36d77ed8fb5ca8346e2bfc87924ce0e63e065475

  • SHA512

    f6b2b830a0b2958a53e68d75bf1da4a3f8d43425f77168ca1c5d941f46c2a97f2a87e32a130b2ff68ee7e9407e4d0297560cc71630faac9b1f312ce056f0ae54

  • SSDEEP

    1536:BELY4mnpKhVMcGCq7IdrQBeOJA8FGkLwLAM636uMSmjp:FKhyNCq8NQYyMhl63M9p

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      349ccb01a1e17e25c77fc7fc36d77ed8fb5ca8346e2bfc87924ce0e63e065475N.exe

    • Size

      74KB

    • MD5

      f0cb92b41230abe4ac8139266a5e08a0

    • SHA1

      e3a6d34178a2a8444f6975cae9943fc6a60443c8

    • SHA256

      349ccb01a1e17e25c77fc7fc36d77ed8fb5ca8346e2bfc87924ce0e63e065475

    • SHA512

      f6b2b830a0b2958a53e68d75bf1da4a3f8d43425f77168ca1c5d941f46c2a97f2a87e32a130b2ff68ee7e9407e4d0297560cc71630faac9b1f312ce056f0ae54

    • SSDEEP

      1536:BELY4mnpKhVMcGCq7IdrQBeOJA8FGkLwLAM636uMSmjp:FKhyNCq8NQYyMhl63M9p

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks