Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

9e0aa91ec7...98.exe

windows7-x64

10

9e0aa91ec7...98.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e0aa91ec787012f25cf11fa5538fb4ea9022eeebc24a70a206670d07f224f98

  • Size

    94KB

  • Sample

    250308-g9ykgssxav

  • MD5

    9ae6c8cc3d7d7490808530e903f431e0

  • SHA1

    cff4e3b77f91e7e098846da1f1b42479a2eab371

  • SHA256

    9e0aa91ec787012f25cf11fa5538fb4ea9022eeebc24a70a206670d07f224f98

  • SHA512

    c7c6c1c443750b9ec4b8fce05df2721453fc4d1a1ed6c8dbd11ba402fc23d565ada6194de92149cbaec8a3a2d4e0ed9c50f5c1a465036c43cc6bf7e2902c61eb

  • SSDEEP

    1536:/7r8EB1irR5dkanA6kx8F+Yr3QK9UpKt7zTWhRQDzVRfRa9HprmRfRZ:/7YlbnA6+49US7zTceDZ5wkpv

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      9e0aa91ec787012f25cf11fa5538fb4ea9022eeebc24a70a206670d07f224f98

    • Size

      94KB

    • MD5

      9ae6c8cc3d7d7490808530e903f431e0

    • SHA1

      cff4e3b77f91e7e098846da1f1b42479a2eab371

    • SHA256

      9e0aa91ec787012f25cf11fa5538fb4ea9022eeebc24a70a206670d07f224f98

    • SHA512

      c7c6c1c443750b9ec4b8fce05df2721453fc4d1a1ed6c8dbd11ba402fc23d565ada6194de92149cbaec8a3a2d4e0ed9c50f5c1a465036c43cc6bf7e2902c61eb

    • SSDEEP

      1536:/7r8EB1irR5dkanA6kx8F+Yr3QK9UpKt7zTWhRQDzVRfRa9HprmRfRZ:/7YlbnA6+49US7zTceDZ5wkpv

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Berbew family

      berbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks