Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    ee73e75288b65769352a4a257fdded2a7c224f33a30fa525d5cdfde63e8210bd.exe

  • Size

    249KB

  • Sample

    241222-sqh68ssmhp

  • MD5

    9f13f929b98a185d2c9cf3c55db3d829

  • SHA1

    69fed9d08511dd83775acd2243db7f9e813c79ed

  • SHA256

    ee73e75288b65769352a4a257fdded2a7c224f33a30fa525d5cdfde63e8210bd

  • SHA512

    e7663b3382cd516a7528dc49eb675206e953c824e50e70488883ac977f331b1f1b8bab59a83402ea783b690b13f08bca10577b28a1528f55e683c3226584d42a

  • SSDEEP

    3072:mokPfrruMhomejUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2okZkm:+29gEdGTBki5CYtI8TAokZV

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ee73e75288b65769352a4a257fdded2a7c224f33a30fa525d5cdfde63e8210bd.exe

    • Size

      249KB

    • MD5

      9f13f929b98a185d2c9cf3c55db3d829

    • SHA1

      69fed9d08511dd83775acd2243db7f9e813c79ed

    • SHA256

      ee73e75288b65769352a4a257fdded2a7c224f33a30fa525d5cdfde63e8210bd

    • SHA512

      e7663b3382cd516a7528dc49eb675206e953c824e50e70488883ac977f331b1f1b8bab59a83402ea783b690b13f08bca10577b28a1528f55e683c3226584d42a

    • SSDEEP

      3072:mokPfrruMhomejUEdmjRrz3TIUV4BKxAcL5CY2VePI8C3U/XYMJ2okZkm:+29gEdGTBki5CYtI8TAokZV

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks