Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    7937467e8283bb3ed7a7ca55bfa4d972a106a9498a4fff7afc7c82c094cd353c

  • Size

    96KB

  • Sample

    241224-3pd61a1kbw

  • MD5

    89ec17d3b89124e5458c5876fb1e7d4b

  • SHA1

    057d3e1b7ca42fbe421af338f25a79cad7935aec

  • SHA256

    7937467e8283bb3ed7a7ca55bfa4d972a106a9498a4fff7afc7c82c094cd353c

  • SHA512

    3a0535e42e55e0038cd394b145913dfdee72c8167378078e2a40641726b0836091745c3fb65aef95a98ee7a389321566fa2219099600bfde594b36812f01524c

  • SSDEEP

    1536:Goww4MxQUvvvmaiuO4JjgpubUNzVB29nuB+CugQRQ+KFR5R45WtqV9R2R462izMR:DZvhtrUNhI0Qe+SHrtG9MW3+3l29

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      7937467e8283bb3ed7a7ca55bfa4d972a106a9498a4fff7afc7c82c094cd353c

    • Size

      96KB

    • MD5

      89ec17d3b89124e5458c5876fb1e7d4b

    • SHA1

      057d3e1b7ca42fbe421af338f25a79cad7935aec

    • SHA256

      7937467e8283bb3ed7a7ca55bfa4d972a106a9498a4fff7afc7c82c094cd353c

    • SHA512

      3a0535e42e55e0038cd394b145913dfdee72c8167378078e2a40641726b0836091745c3fb65aef95a98ee7a389321566fa2219099600bfde594b36812f01524c

    • SSDEEP

      1536:Goww4MxQUvvvmaiuO4JjgpubUNzVB29nuB+CugQRQ+KFR5R45WtqV9R2R462izMR:DZvhtrUNhI0Qe+SHrtG9MW3+3l29

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Berbew family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks