General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-5effc82e9b9420031a132ffc4e5d0d08983eafbed73e1f362d96881635eb9357N

  • Size

    401KB

  • Sample

    240916-m2hf7atepm

  • MD5

    c21a94d4766a9f0f828ffd69da960160

  • SHA1

    814a154b7f656078d73cad810e7b1bf0f2db05f5

  • SHA256

    5effc82e9b9420031a132ffc4e5d0d08983eafbed73e1f362d96881635eb9357

  • SHA512

    eb7c632a2863ddab87926abae396de4cb4a2728899266e7cccaf8942d48fa19c2aa4bd48f10fb15be981882136d4b30c9ecc27d7441838f632c6fa0a15357ee6

  • SSDEEP

    6144:sjs0HRYATbndpui6yYPaIGckfru5xyDpui6yYPaIGckSU05836PGyA7:4vH5vndpV6yYP4rbpV6yYPg058KrY

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
