Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

ea82892450...05.exe

windows7-x64

10

ea82892450...05.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ea828924500eec3673704e18c8e2f70f20e2fadddd5a803107c935cf9762ea05

  • Size

    92KB

  • Sample

    250305-pds9wsyls3

  • MD5

    2fe218094f61bd2481d5caaae1979c36

  • SHA1

    136b75a0e50b7ad04e1f9f99e755c58dfd30cd68

  • SHA256

    ea828924500eec3673704e18c8e2f70f20e2fadddd5a803107c935cf9762ea05

  • SHA512

    9c35d0949b15be00a0ce0a065be73c03ecb3469b0bfb87af2e64352b16e4289ff382bd6b71818155bf17dd148b7508c18a23503818363d139b63f0931fe9ae1e

  • SSDEEP

    1536:vXWphI44BuZOJXi/YiH8Wm90H9JWvPYml4gzrO8VN3imnunGP+y:u040uhcWfHSvPEgHhVVbe4+y

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      ea828924500eec3673704e18c8e2f70f20e2fadddd5a803107c935cf9762ea05

    • Size

      92KB

    • MD5

      2fe218094f61bd2481d5caaae1979c36

    • SHA1

      136b75a0e50b7ad04e1f9f99e755c58dfd30cd68

    • SHA256

      ea828924500eec3673704e18c8e2f70f20e2fadddd5a803107c935cf9762ea05

    • SHA512

      9c35d0949b15be00a0ce0a065be73c03ecb3469b0bfb87af2e64352b16e4289ff382bd6b71818155bf17dd148b7508c18a23503818363d139b63f0931fe9ae1e

    • SSDEEP

      1536:vXWphI44BuZOJXi/YiH8Wm90H9JWvPYml4gzrO8VN3imnunGP+y:u040uhcWfHSvPEgHhVVbe4+y

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks