General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-cd3f3c8c91bbfa266a83ecfab44cf3102cefb8cf3e20677dec1ebe6a21f0801eN

  • Size

    71KB

  • Sample

    240916-m1drlstekp

  • MD5

    9465d995bfb18350fe4f4dfd4841d230

  • SHA1

    a179dadfb8d13f114fcc51837ea8ca2530c3f025

  • SHA256

    cd3f3c8c91bbfa266a83ecfab44cf3102cefb8cf3e20677dec1ebe6a21f0801e

  • SHA512

    8bc839b8e03b11a44fbd9d96b8dc1854d91768e0b65f6c4956de126ddc902d7acc2ab4fdf8b04219303f09804934977ff47cf4e0ffe5495a08c415bead27784c

  • SSDEEP

    1536:j0uvcWYbVywlYLS5uBAUkmbwf3wCtrZ5sZD4cT016RQwMDbEyRCRRRoR4Rk:j0uvGwS5u/bmrZaZD4f16eLEy032ya

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
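The third C2 entry is a printf-style format string rather than a literal URL, so a detection that matches the extracted text verbatim will never fire on real traffic. The added Python below (example code, not part of this report or of the Berbew sample) compiles each template into an anchored regex and runs it over a few constructed proxy-log lines. Assumptions: `%s` fields contain neither `:` (the template's own delimiter) nor whitespace, a zero-padded width such as `%09u` means at least that many digits, and the log layout is `<ts> <client> <method> <url> <status>`. Matching on the full path rather than the hostname alone keeps the rule from flagging every request to the domain, which matters for an old family whose hard-coded hosts may no longer be under attacker control.

```python
import re

# Added example (not part of the sandbox report). The three templates below are the
# C2 URLs as extracted from the sample's config; the third is a printf-style format
# string, so it must be turned into a pattern rather than matched literally.
C2_TEMPLATES = [
    "http://viruslist.com/wcmd.txt",
    "http://viruslist.com/ppslog.php",
    "http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion: optional '0' flag, optional width, one of s/i/d/u
_CONV = re.compile(r"%(0?)(\d*)([sidu])")


def template_to_regex(template):
    """Compile a printf-style URL template into an anchored regex.

    Assumptions: %s fields never contain ':' (the template's own delimiter) or
    whitespace; a zero-padded width such as %09u means *at least* that many
    digits, since printf widens rather than truncates.
    """
    parts, pos = [], 0
    for m in _CONV.finditer(template):
        parts.append(re.escape(template[pos:m.start()]))
        zero, width, conv = m.groups()
        if conv == "s":
            parts.append(r"[^:\s]+")
        elif zero and width:
            parts.append(r"\d{%d,}" % int(width))
        elif conv == "u":
            parts.append(r"\d+")
        else:  # %i / %d are signed
            parts.append(r"-?\d+")
        pos = m.end()
    parts.append(re.escape(template[pos:]))
    return re.compile("^" + "".join(parts) + "$")


# Constructed proxy log lines in an assumed "<ts> <client> <method> <url> <status>"
# layout; these are illustrative, not traffic captured from the sample.
SAMPLE_PROXY_LOG = [
    "2024-09-16T10:01:02Z 10.0.0.12 GET http://viruslist.com/wcmd.txt 200",
    "2024-09-16T10:01:05Z 10.0.0.12 GET http://viruslist.com/piplog.php?WKS7:1:0:bob:000012345:5:09:16:10 200",
    "2024-09-16T10:02:00Z 10.0.0.40 GET http://viruslist.com/index.html 200",
    "2024-09-16T10:02:30Z 10.0.0.41 GET http://viruslist.com/piplog.php?probe 404",
]


def hunt(log_lines, templates=C2_TEMPLATES):
    """Return (client, template, url) for every log line whose URL matches a C2 template."""
    compiled = [(t, template_to_regex(t)) for t in templates]
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines rather than crash the hunt
        client, url = fields[1], fields[3]
        for template, pattern in compiled:
            if pattern.match(url):
                hits.append((client, template, url))
                break
    return hits


if __name__ == "__main__":
    for client, template, url in hunt(SAMPLE_PROXY_LOG):
        print(f"{client} -> {url}  (matched {template})")
```

Only the two lines whose URL matches a template are reported; a request for another page on the same host and a malformed `piplog.php` query are ignored, which is the behaviour you want before feeding the pattern to a proxy or IDS rule.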

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-cd3f3c8c91bbfa266a83ecfab44cf3102cefb8cf3e20677dec1ebe6a21f0801eN

    • Size

      71KB

    • MD5

      9465d995bfb18350fe4f4dfd4841d230

    • SHA1

      a179dadfb8d13f114fcc51837ea8ca2530c3f025

    • SHA256

      cd3f3c8c91bbfa266a83ecfab44cf3102cefb8cf3e20677dec1ebe6a21f0801e

    • SHA512

      8bc839b8e03b11a44fbd9d96b8dc1854d91768e0b65f6c4956de126ddc902d7acc2ab4fdf8b04219303f09804934977ff47cf4e0ffe5495a08c415bead27784c

    • SSDEEP

      1536:j0uvcWYbVywlYLS5uBAUkmbwf3wCtrZ5sZD4cT016RQwMDbEyRCRRRoR4Rk:j0uvGwS5u/bmrZaZD4f16eLEy032ya

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
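The four behaviour signatures above form one chain: a file is written under System32, that file is executed or loaded, and a registry entry is set so Explorer.exe picks it up at logon. The added Python below (example code, not part of this report or of Berbew) replays that chain over Sysmon-shaped events so an analyst can check a host's own telemetry against the report. The report does not name the autorun key; the example assumes it is one of the Explorer-owned startup locations (`ShellServiceObjectDelayLoad`, `ShellExecuteHooks`, or the Winlogon `Shell` value) and that assumption, along with every GUID, path and CLSID in the sample events, is a placeholder to adjust to your own sandbox run.

```python
# Added example (not part of the sandbox report or of Berbew itself). It replays the
# four behaviour signatures above over Sysmon-shaped events: EID 11 (file create),
# EID 1 (process create), EID 7 (image load) and EID 13 (registry value set).

SYSTEM32 = "c:\\windows\\system32\\"

# Assumption: "autorun key loaded by Explorer.exe" is taken to mean one of these
# Explorer-owned startup locations. The report does not name the key, so adjust
# the list to whatever your own sandbox run shows.
EXPLORER_AUTORUN_FRAGMENTS = (
    "\\currentversion\\shellserviceobjectdelayload\\",
    "\\currentversion\\explorer\\shellexecutehooks\\",
)
WINLOGON_SHELL_SUFFIX = "\\currentversion\\winlogon\\shell"


def is_explorer_autorun(target_object):
    t = target_object.lower()
    return any(f in t for f in EXPLORER_AUTORUN_FRAGMENTS) or t.endswith(WINLOGON_SHELL_SUFFIX)


def correlate(events):
    """Walk time-ordered events and emit (rule, process_guid, evidence) tuples.

    A file only counts as 'dropped' if it was written under System32 earlier in
    the same stream, so a pre-existing System32 binary being run or loaded does
    not fire the dropped-EXE / dropped-DLL rules.
    """
    dropped = set()
    findings = []
    for ev in events:
        eid, guid = ev["EventID"], ev["ProcessGuid"]
        if eid == 11:
            path = ev["TargetFilename"].lower()
            if path.startswith(SYSTEM32):
                dropped.add(path)
                findings.append(("drops_file_in_system32", guid, ev["TargetFilename"]))
        elif eid == 1 and ev["Image"].lower() in dropped:
            # attribute the execution to the parent, i.e. the dropper
            findings.append(("executes_dropped_exe", ev.get("ParentProcessGuid", guid), ev["Image"]))
        elif eid == 7 and ev["ImageLoaded"].lower() in dropped:
            findings.append(("loads_dropped_dll", guid, ev["ImageLoaded"]))
        elif eid == 13 and is_explorer_autorun(ev["TargetObject"]):
            findings.append(("explorer_autorun_key", guid, ev["TargetObject"]))
    return findings


def rules_fired(events):
    """Distinct rule names, sorted, for quick comparison against the report's signature list."""
    return sorted({rule for rule, _, _ in correlate(events)})


# Constructed events; GUIDs, paths, value names and the CLSID are placeholders,
# not values observed for this sample.
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessGuid": "{A}", "Image": r"C:\Users\bob\Downloads\invoice.exe",
     "TargetFilename": r"C:\Windows\System32\abcd1234.exe"},
    {"EventID": 11, "ProcessGuid": "{A}", "Image": r"C:\Users\bob\Downloads\invoice.exe",
     "TargetFilename": r"C:\Windows\System32\abcd1234.dll"},
    {"EventID": 1, "ProcessGuid": "{B}", "ParentProcessGuid": "{A}",
     "Image": r"C:\Windows\System32\abcd1234.exe"},
    {"EventID": 7, "ProcessGuid": "{B}", "Image": r"C:\Windows\System32\abcd1234.exe",
     "ImageLoaded": r"C:\Windows\System32\abcd1234.dll"},
    {"EventID": 13, "ProcessGuid": "{B}",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\UpdateHelper",
     "Details": "{00000000-0000-0000-0000-000000000001}"},
    # benign noise: a service writing a log and an ordinary Run-key entry
    {"EventID": 11, "ProcessGuid": "{C}", "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\Temp\update.log"},
    {"EventID": 13, "ProcessGuid": "{D}",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Users\bob\AppData\Local\Microsoft\OneDrive\OneDrive.exe"},
]

if __name__ == "__main__":
    for rule, guid, evidence in correlate(SAMPLE_EVENTS):
        print(f"{rule:24} {guid:5} {evidence}")
```

Running it on the constructed stream fires all four rules once per piece of evidence, while the two benign trailing events fire none. The order dependency is deliberate: a legitimate System32 DLL being loaded never counts as a "dropped DLL" unless the same stream saw it written first.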
