General
Target: 0d7084555fd91d4ac5276d8336af815feb65a0ee41dda835c6012158a2f6674bN.exe
Size: 520KB
Sample: 241225-xw823atlfv
MD5: e107485127d5453190b9a438871c80f0
SHA1: 272dceb6ac1d39ad8c5974d151642faef6ff2439
SHA256: 0d7084555fd91d4ac5276d8336af815feb65a0ee41dda835c6012158a2f6674b
SHA512: 1a100d3a9947701e240e7ca9a9378fd4a7b290421082b2f8ed1d8fd5a5a28ffd2e34c785af62251c606e19a68b601b60b1ba8783dba8cacffa05b39f1c7b6b11
SSDEEP: 6144:ORxa+ZrKA2NFM6234lKm3mo8Yvi4KsLTFM6234lKm3r8SeNpgdyuH1lZfRo0V8JS:O2+ZsFB24lwR45FB24lJ87g7/VycgEH
Static task: static1
Behavioral task: behavioral1
Sample: 0d7084555fd91d4ac5276d8336af815feb65a0ee41dda835c6012158a2f6674bN.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0d7084555fd91d4ac5276d8336af815feb65a0ee41dda835c6012158a2f6674bN.exe
Resource: win10v2004-20241007-en
Malware Config
Extracted
berbew
http://viruslist.com/wcmd.txt
http://viruslist.com/ppslog.php
http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
Targets
Target: 0d7084555fd91d4ac5276d8336af815feb65a0ee41dda835c6012158a2f6674bN.exe
Score: 10/10
Adds autorun key to be loaded by Explorer.exe on startup
Berbew family
Executes dropped EXE
Loads dropped DLL
Drops file in System32 directory