General

  • Target

    209c8e3aae1029be0bc28e021360a533e8c7a244e19bd29bc1175ba84829fd69

  • Size

    448KB

  • Sample

    241208-zd4ezatpcs

  • MD5

    a2f013ddcd10765120b069b9ed3f8c4e

  • SHA1

    2900113a787e6accf2c3131bfa3af9f4080dd718

  • SHA256

    209c8e3aae1029be0bc28e021360a533e8c7a244e19bd29bc1175ba84829fd69

  • SHA512

    b93a4f5bb7eff6b792fc5273ff7d9af819b5bc961fa2f2010550f2ad5a22014729b3de711a69174ce0f9518c353d12e56b599d7b7229e7f0ba9cda854e1431d1

  • SSDEEP

    6144:Z3o+Rzto18SeNpgdyuH1lZfRo0V8JcgE+ezpg1xrloH:Z3n5s87g7/VycgE81li

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

(The third entry is a C printf-style format string exactly as it sits in the binary; the %s, %i, %09u and %02d placeholders are filled in at runtime before the request is made, so the literal string will not appear on the wire. Detection on the URL therefore has to match the shape of the filled-in query, not this exact text.)
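As an added example (not part of the tria.ge report and not code from the Berbew sample), the three extracted C2 URLs turned into proxy-log detection logic. The printf-style piplog.php template is translated specifier by specifier into a regular expression, so the filled-in beacon is matched by shape rather than by the literal string, and the host is compared exactly rather than by substring so look-alike hostnames are not flagged. The log format (timestamp, client, method, URL, status), the log lines themselves and the function names are all constructed for this example; the assumption that the two %s fields contain no ':' is marked in the code.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Values taken from the extracted config in the report above.
C2_HOST = "viruslist.com"
C2_STATIC_PATHS = ("/wcmd.txt", "/ppslog.php")
C2_BEACON_FORMAT = "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d"

# printf specifier -> regex fragment.
# Assumption: the %s fields (victim name / status text) contain no ':' and no
# whitespace, otherwise the colon-delimited layout could not be parsed by the
# server either.  %09u zero-pads to 9 digits but grows if the value is larger,
# hence \d{9,}.
_SPEC_TO_RE = {
    "%s": r"[^:\s]*",
    "%d": r"-?\d+",
    "%i": r"-?\d+",
    "%u": r"\d+",
    "%09u": r"\d{9,}",
    "%02d": r"\d{2,}",
}
_SPEC_RE = re.compile(r"%0?\d*[sdiu]")


def format_to_regex(fmt: str) -> "re.Pattern[str]":
    """Turn a printf-style template into an anchored regex for the path+query."""
    parts = []
    pos = 0
    for m in _SPEC_RE.finditer(fmt):
        parts.append(re.escape(fmt[pos:m.start()]))  # literal text between specifiers
        spec = m.group(0)
        if spec not in _SPEC_TO_RE:
            raise ValueError(f"unsupported printf specifier {spec!r}")
        parts.append(_SPEC_TO_RE[spec])
        pos = m.end()
    parts.append(re.escape(fmt[pos:]))
    return re.compile("^" + "".join(parts) + "$")


BEACON_RE = format_to_regex(C2_BEACON_FORMAT)


@dataclass
class Hit:
    line_no: int
    client: str
    url: str
    reason: str


def classify_url(url: str) -> Optional[str]:
    """Return a reason string if the URL matches the Berbew C2 config, else None."""
    parsed = urlsplit(url)
    if parsed.hostname != C2_HOST:  # exact host match, not a substring test
        return None
    if parsed.path in C2_STATIC_PATHS:
        return f"berbew C2 static path {parsed.path}"
    path_and_query = parsed.path + ("?" + parsed.query if parsed.query else "")
    if BEACON_RE.match(path_and_query):
        return "berbew piplog.php beacon (matches extracted format string)"
    return f"other request to berbew C2 host {C2_HOST}"


def scan_proxy_log(lines: List[str]) -> List[Hit]:
    """Scan 'timestamp client method url status' lines; constructed log format."""
    hits = []
    for n, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line, skip rather than crash the scan
        _ts, client, _method, url = fields[:4]
        reason = classify_url(url)
        if reason:
            hits.append(Hit(n, client, url, reason))
    return hits


# Constructed sample log: one benign line, a full Berbew check-in sequence,
# a non-beacon request to the C2 host and a look-alike host that must not match.
SAMPLE_LOG = """\
2024-12-08T10:14:58Z 10.0.0.12 GET http://www.example.com/index.html 200
2024-12-08T10:15:02Z 10.0.0.12 GET http://viruslist.com/wcmd.txt 200
2024-12-08T10:15:03Z 10.0.0.12 GET http://viruslist.com/piplog.php?WIN7-PC:2:1:ok:000004096:7:10:15:03 200
2024-12-08T10:15:04Z 10.0.0.12 POST http://viruslist.com/ppslog.php 200
2024-12-08T10:15:05Z 10.0.0.33 GET http://viruslist.com/piplog.php?notabeacon 404
2024-12-08T10:15:06Z 10.0.0.40 GET http://cdn.viruslist.com.example.net/x 200
""".splitlines()

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(f"line {hit.line_no}: {hit.client} -> {hit.url}  [{hit.reason}]")
```

The static paths and the beacon regex are the high-confidence signals; the fallback "other request to C2 host" hit is deliberately kept separate so it can be scored lower, since the domain may have served legitimate content outside the sample's campaign.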

Targets

    • Target

      209c8e3aae1029be0bc28e021360a533e8c7a244e19bd29bc1175ba84829fd69

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
