Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
34f1af13b260e89802012e8fda2d1832af969b068affd0716cec50c5503cf8f5
-
Size
320KB
-
Sample
241208-1b13havjfz
-
MD5
e8be69390b7292cbc25515e0d8757af8
-
SHA1
2d84a2f0414da3a23b7f9bb08c7cbaf82b1bda10
-
SHA256
34f1af13b260e89802012e8fda2d1832af969b068affd0716cec50c5503cf8f5
-
SHA512
aae9f44ab7e634eba44bb36bfac9e3b0f5613907d54fdd63992160eb23915469ae5eb51edc9c2005d1c1f13ed9d158fedd0b9a430d9ac1ed5cd49f843b583b28
-
SSDEEP
6144:6Kj2LtOTlBLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N1I0Y:8LMTUYJ07kE0KoFtw2gu9RxrBIUbPLwz
Malware Config
Extracted
berbew
http://viruslist.com/wcmd.txt
http://viruslist.com/ppslog.php
http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Targets
-
-
Target
34f1af13b260e89802012e8fda2d1832af969b068affd0716cec50c5503cf8f5
-
Size
320KB
-
MD5
e8be69390b7292cbc25515e0d8757af8
-
SHA1
2d84a2f0414da3a23b7f9bb08c7cbaf82b1bda10
-
SHA256
34f1af13b260e89802012e8fda2d1832af969b068affd0716cec50c5503cf8f5
-
SHA512
aae9f44ab7e634eba44bb36bfac9e3b0f5613907d54fdd63992160eb23915469ae5eb51edc9c2005d1c1f13ed9d158fedd0b9a430d9ac1ed5cd49f843b583b28
-
SSDEEP
6144:6Kj2LtOTlBLAYCtE07kli0KoCYtw2B0Ddu9szWfx09UBIUbPLwH/lLOUaR/N1I0Y:8LMTUYJ07kE0KoFtw2gu9RxrBIUbPLwz
Score10/10-
Adds autorun key to be loaded by Explorer.exe on startup
-
Berbew
Berbew is a backdoor written in C++.
-
Berbew family
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops file in System32 directory
-