Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

  • Size

    844KB

  • Sample

    241224-2abxnayrcm

  • MD5

    b2227265601e058673f80e5c3c76282f

  • SHA1

    54bb5f361f5a907e92c99514e14490d4c9948f11

  • SHA256

    56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

  • SHA512

    e960147835f5144deb2dad59521c7cf69da17c22ed693c64cca93b53ed79d7c87d43621fd5fac2e652fd426ec719a7d309de50ddb8940c1a8222a7a025c02e81

  • SSDEEP

    24576:oGnyH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:oGyH5W3TbQihw+cdX2x46uhqllMi

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

    • Size

      844KB

    • MD5

      b2227265601e058673f80e5c3c76282f

    • SHA1

      54bb5f361f5a907e92c99514e14490d4c9948f11

    • SHA256

      56be6aa883f1d242a9610a98717fc2bca5bbd238fd5184a9acf2487a782b839a

    • SHA512

      e960147835f5144deb2dad59521c7cf69da17c22ed693c64cca93b53ed79d7c87d43621fd5fac2e652fd426ec719a7d309de50ddb8940c1a8222a7a025c02e81

    • SSDEEP

      24576:oGnyH5W3TnbQihMpQnqrdX72LbY6x46uR/qYglMi:oGyH5W3TbQihw+cdX2x46uhqllMi

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.