General

  • Target

    7995f2fbc6cec83f946d1ecb7bfc1c6045b5b04afa0b990142a5e2ee0f258a50

  • Size

    448KB

  • Sample

    241208-ac9sxs1ngt

  • MD5

    babd4bbb44d3d60dcd282573ed8dcaf8

  • SHA1

    84ea146256f7d5f75ca0bfb8a5fb02de4661cfc0

  • SHA256

    7995f2fbc6cec83f946d1ecb7bfc1c6045b5b04afa0b990142a5e2ee0f258a50

  • SHA512

    078388e51d53d9d8fc89fbc3bcb66960410d9c1975ba136e27e08ac4eb86176196140950d48313b880c35765b7a57302373081fb1ef6cc1ef5213fc0eaa3ce07

  • SSDEEP

    6144:zB/65rQAHE7aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOEjXP3HBsR4/0ePGSzxC:9S5c7aOlxzr3cOK3TajRfXFMKNxC

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7995f2fbc6cec83f946d1ecb7bfc1c6045b5b04afa0b990142a5e2ee0f258a50

    • Size

      448KB

    • MD5

      babd4bbb44d3d60dcd282573ed8dcaf8

    • SHA1

      84ea146256f7d5f75ca0bfb8a5fb02de4661cfc0

    • SHA256

      7995f2fbc6cec83f946d1ecb7bfc1c6045b5b04afa0b990142a5e2ee0f258a50

    • SHA512

      078388e51d53d9d8fc89fbc3bcb66960410d9c1975ba136e27e08ac4eb86176196140950d48313b880c35765b7a57302373081fb1ef6cc1ef5213fc0eaa3ce07

    • SSDEEP

      6144:zB/65rQAHE7aOl3BzrUmKyIxLfYeOO9UmKyIxLiajOEjXP3HBsR4/0ePGSzxC:9S5c7aOlxzr3cOK3TajRfXFMKNxC

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15