Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

dcabba44af...05.exe

windows7-x64

10

dcabba44af...05.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dcabba44af78536add0df515edaa7ab850468b70afdeeb0c89e709f628dda905

  • Size

    406KB

  • Sample

    250305-m52n8swzds

  • MD5

    657b03bd490f9154ce6edb451e493ed5

  • SHA1

    f03fe43346bf829922d072cc0b729abc4b3926f3

  • SHA256

    dcabba44af78536add0df515edaa7ab850468b70afdeeb0c89e709f628dda905

  • SHA512

    d3f4433f52cd3e99614695cb4eebf127840cb28930fd9e3e29b4830e3673d55a57652c2a49bc41995b79b332b8a1a35be415db3698be0d1b0f5f449e3b01b87e

  • SSDEEP

    12288:3Tthmm2o8wE39uW8wESByvNv54B9f01ZmHB9:3Bht2o8wDW8wQvr4B9f01Zmv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      dcabba44af78536add0df515edaa7ab850468b70afdeeb0c89e709f628dda905

    • Size

      406KB

    • MD5

      657b03bd490f9154ce6edb451e493ed5

    • SHA1

      f03fe43346bf829922d072cc0b729abc4b3926f3

    • SHA256

      dcabba44af78536add0df515edaa7ab850468b70afdeeb0c89e709f628dda905

    • SHA512

      d3f4433f52cd3e99614695cb4eebf127840cb28930fd9e3e29b4830e3673d55a57652c2a49bc41995b79b332b8a1a35be415db3698be0d1b0f5f449e3b01b87e

    • SSDEEP

      12288:3Tthmm2o8wE39uW8wESByvNv54B9f01ZmHB9:3Bht2o8wDW8wQvr4B9f01Zmv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks