Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    f430b32cce8861c6c00e74c19f2ad76b7d1eb0d69ad3bfcc6328998d016ce2e5N.exe

  • Size

    72KB

  • Sample

    241208-dtt1kszlfy

  • MD5

    1e96ab5de1314109e565e538bd67a7f0

  • SHA1

    b8d5131d1b148c24086681ac47423c86a9ba910a

  • SHA256

    f430b32cce8861c6c00e74c19f2ad76b7d1eb0d69ad3bfcc6328998d016ce2e5

  • SHA512

    0669ffb4d06368ea1d689b63b52fe281bf47116a4f8eaabc331e17d4a7a3b59ac0c22d103726386ad6f3b0866a62c0a5cc3582843dfedf0e6c7adad1b1669066

  • SSDEEP

    1536:qghvmf5GkNMww9e/u+dyfzQ8H01vy2qlg7GDCoQ:qrGk+wlurfH01vyV8GeoQ

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f430b32cce8861c6c00e74c19f2ad76b7d1eb0d69ad3bfcc6328998d016ce2e5N.exe

    • Size

      72KB

    • MD5

      1e96ab5de1314109e565e538bd67a7f0

    • SHA1

      b8d5131d1b148c24086681ac47423c86a9ba910a

    • SHA256

      f430b32cce8861c6c00e74c19f2ad76b7d1eb0d69ad3bfcc6328998d016ce2e5

    • SHA512

      0669ffb4d06368ea1d689b63b52fe281bf47116a4f8eaabc331e17d4a7a3b59ac0c22d103726386ad6f3b0866a62c0a5cc3582843dfedf0e6c7adad1b1669066

    • SSDEEP

      1536:qghvmf5GkNMww9e/u+dyfzQ8H01vy2qlg7GDCoQ:qrGk+wlurfH01vyV8GeoQ

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks