Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

b0a6bc6c56...4b.exe

windows7-x64

10

b0a6bc6c56...4b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b0a6bc6c566b07b9ffb26e027a583ab90ba657842294bda0ac9045e6b9929a4b

  • Size

    470KB

  • Sample

    250305-jlsenstjs6

  • MD5

    a7155273bae2344f4ee0fb4ea73d6694

  • SHA1

    1f050c72f2294f9645470d9585aacd243a0f7d9b

  • SHA256

    b0a6bc6c566b07b9ffb26e027a583ab90ba657842294bda0ac9045e6b9929a4b

  • SHA512

    8806c8cc712d9afdd1d6fd0ba9b2c96dcc057a64c442374366ee09b70c4077d77890fc4008ccb66dabfd1ed0777e4f4ade2d7189370f5c99da1716342b7a85ec

  • SSDEEP

    12288:WTNb/Qc8QVj94nLiFzN3b7CUq1u2ztB1XQKTQInqyS6Rm6TIJ3l7DurTG9c8QVji:MJ4u

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      b0a6bc6c566b07b9ffb26e027a583ab90ba657842294bda0ac9045e6b9929a4b

    • Size

      470KB

    • MD5

      a7155273bae2344f4ee0fb4ea73d6694

    • SHA1

      1f050c72f2294f9645470d9585aacd243a0f7d9b

    • SHA256

      b0a6bc6c566b07b9ffb26e027a583ab90ba657842294bda0ac9045e6b9929a4b

    • SHA512

      8806c8cc712d9afdd1d6fd0ba9b2c96dcc057a64c442374366ee09b70c4077d77890fc4008ccb66dabfd1ed0777e4f4ade2d7189370f5c99da1716342b7a85ec

    • SSDEEP

      12288:WTNb/Qc8QVj94nLiFzN3b7CUq1u2ztB1XQKTQInqyS6Rm6TIJ3l7DurTG9c8QVji:MJ4u

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks