General

  • Target: 21a0915750e05b18443f82df86958e3a951f59d1c4932a9595220f78603aeb11

  • Size: 128KB

  • Sample: 241222-y94vyayler

  • MD5: ee42b9c07873af4c78c4ff99136f34a7

  • SHA1: 08b59c1cdcd609fb3cf7dc87d9f956d3a5c388ad

  • SHA256: 21a0915750e05b18443f82df86958e3a951f59d1c4932a9595220f78603aeb11

  • SHA512: b361e3f5b1bc0796aeb64559a519eca8086211f00032a52f06dd05d210471bbcf2d858178304c37c559f612de681f7c1f7cdce8bca207211f15fe0fd6fafb1bb

  • SSDEEP: 3072:bbDrGcQDdQeSBJqoMHWipPEOyPxMeEvPOdgujv6NLPfFFrKP9:bbDrGcQtwcoMHWiJyJML3OdgawrFZKP

Malware Config

Extracted

  • Family: berbew

  • C2:

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target: 21a0915750e05b18443f82df86958e3a951f59d1c4932a9595220f78603aeb11 (hashes as listed under General above)

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew family: Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
