General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-2b4b0563aea01cb9c00f677435423fa37262ce9d80246b715b5171a028083635N

  • Size

    71KB

  • Sample

    240916-m2bzeatenn

  • MD5

    73d948e5704832a2cadd3a385507f0f0

  • SHA1

    48fdb222c1d10b76fe93c8b69cafdf87f98825f6

  • SHA256

    2b4b0563aea01cb9c00f677435423fa37262ce9d80246b715b5171a028083635

  • SHA512

    0254a3505818724064e6a7cf9994bce922282b04cd8ce0f18e9c20764d8ade6efb7a9e9c44a65fb6b019d52bbc5cef88c0094e6f676a29ddfc5028e7c166c226

  • SSDEEP

    1536:+Ahon8W0HEEUh+4SK6sIQZgkQkYeTndmRQPK1P+ATT:glPh4aIVkkkndmeCP+A3

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15