General

  • Target

    76067f2f41c69466d951ac8cedb207e5aa8430d131d69f5a0bc485b10bf01aea

  • Size

    192KB

  • Sample

    241207-3zbhvs1lgz

  • MD5

    b53e07df86809c7a8f5394faa7406828

  • SHA1

    bc138d46318322ddf2356552bdc10d1d32e2636b

  • SHA256

    76067f2f41c69466d951ac8cedb207e5aa8430d131d69f5a0bc485b10bf01aea

  • SHA512

    c959d4e9bdb9045b54bee8c0b8e7e91b850fedbb24537054226da4ea25f8c11889c891db0c50ea6267a91bb4bcdafe9ede26752822ea530b128b00400781e68c

  • SSDEEP

    3072:ATMyeCqzBtHhxrHBqMART2kODIO6PbxYi/mjRrz3OaZFU24cQ7SZFU2:AT2F22IOmbxYi/GOORjMmR

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      76067f2f41c69466d951ac8cedb207e5aa8430d131d69f5a0bc485b10bf01aea

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks