Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

d1e904a1c4...6c.exe

windows7-x64

10

d1e904a1c4...6c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1e904a1c4a7c6f8ee7d4fe8d07e50869fdc535fe515445219a83d85986a516c

  • Size

    93KB

  • Sample

    250305-mc6gqawny4

  • MD5

    504bf8fe1067f6a92b4966e949b7e673

  • SHA1

    e70b27b9ae93837c3e623809b68510907ebde5e2

  • SHA256

    d1e904a1c4a7c6f8ee7d4fe8d07e50869fdc535fe515445219a83d85986a516c

  • SHA512

    53afe9a223744886efa1d2ae4ea3447750ee75250206c1f36f73f50979ad9062b838ea9c9fb4f77523e374286f7f833672c77aee60dc6670b9f4198a69840aa5

  • SSDEEP

    1536:U80mMoi5pfGBSQarLJ8jLYLNTzmsmRhC6ls1rvj665wxsaMiwihtIbbpku:j0B35tGXar7pfNmRSbu65KdMiwaIbbp7

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      d1e904a1c4a7c6f8ee7d4fe8d07e50869fdc535fe515445219a83d85986a516c

    • Size

      93KB

    • MD5

      504bf8fe1067f6a92b4966e949b7e673

    • SHA1

      e70b27b9ae93837c3e623809b68510907ebde5e2

    • SHA256

      d1e904a1c4a7c6f8ee7d4fe8d07e50869fdc535fe515445219a83d85986a516c

    • SHA512

      53afe9a223744886efa1d2ae4ea3447750ee75250206c1f36f73f50979ad9062b838ea9c9fb4f77523e374286f7f833672c77aee60dc6670b9f4198a69840aa5

    • SSDEEP

      1536:U80mMoi5pfGBSQarLJ8jLYLNTzmsmRhC6ls1rvj665wxsaMiwihtIbbpku:j0B35tGXar7pfNmRSbu65KdMiwaIbbp7

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks