Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

f119d07db5...e6.exe

windows7-x64

10

f119d07db5...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f119d07db50afecb97e18145832dfe6bfbbec8f59dcd3ebe2ce8c498e670a4e6

  • Size

    359KB

  • Sample

    250305-pwhacayvcz

  • MD5

    93a0ed7f3caf541d3e7f96256b9595d0

  • SHA1

    940f28107a0ffaffd2a83efc281826b61e50ff5c

  • SHA256

    f119d07db50afecb97e18145832dfe6bfbbec8f59dcd3ebe2ce8c498e670a4e6

  • SHA512

    a03cdb633a237782fedb09e440365b39dc53c0aa01a6e77a6331b873257d80baeacdfb2803365c66279d68699b7fbe57c5d6dd904d1d67be39bdd4d20ba67810

  • SSDEEP

    6144:J4HvIj8TPAnG8YVrOigcC6oQ6+EcC6oQ6+YahBQyiTACPTRN6+YahBQyiTAgiuMg:J4Hv7T4QK9E6n9E6vah6yiMCPTRN6vaU

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      f119d07db50afecb97e18145832dfe6bfbbec8f59dcd3ebe2ce8c498e670a4e6

    • Size

      359KB

    • MD5

      93a0ed7f3caf541d3e7f96256b9595d0

    • SHA1

      940f28107a0ffaffd2a83efc281826b61e50ff5c

    • SHA256

      f119d07db50afecb97e18145832dfe6bfbbec8f59dcd3ebe2ce8c498e670a4e6

    • SHA512

      a03cdb633a237782fedb09e440365b39dc53c0aa01a6e77a6331b873257d80baeacdfb2803365c66279d68699b7fbe57c5d6dd904d1d67be39bdd4d20ba67810

    • SSDEEP

      6144:J4HvIj8TPAnG8YVrOigcC6oQ6+EcC6oQ6+YahBQyiTACPTRN6+YahBQyiTAgiuMg:J4Hv7T4QK9E6n9E6vah6yiMCPTRN6vaU

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks