General

  • Target: f05c36918f3488688dad0e5b5ce81bbf712970500de1589f13b2097208db210b
  • Size: 448KB
  • Sample: 241208-e3gmaaspbw
  • MD5: d8612faab407abcacf39512e68cb00ec
  • SHA1: f05deef3ee14c8e8c61b5d407c9e4230b86ac4ce
  • SHA256: f05c36918f3488688dad0e5b5ce81bbf712970500de1589f13b2097208db210b
  • SHA512: de0fc5d85a0d260d57f027e5f8e9287f042062251eddf02fd5ccc8d969f991a8491ea17d555bbb424d70a21f5f66515158d0e248b8a77de2e67ef38823d3fdb3
  • SSDEEP: 6144:PmnA1RFVWE8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloF:Pm4f87g7/VycgE81l2

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: f05c36918f3488688dad0e5b5ce81bbf712970500de1589f13b2097208db210b
    • Size: 448KB
    • MD5: d8612faab407abcacf39512e68cb00ec
    • SHA1: f05deef3ee14c8e8c61b5d407c9e4230b86ac4ce
    • SHA256: f05c36918f3488688dad0e5b5ce81bbf712970500de1589f13b2097208db210b
    • SHA512: de0fc5d85a0d260d57f027e5f8e9287f042062251eddf02fd5ccc8d969f991a8491ea17d555bbb424d70a21f5f66515158d0e248b8a77de2e67ef38823d3fdb3
    • SSDEEP: 6144:PmnA1RFVWE8SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloF:Pm4f87g7/VycgE81l2

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
