General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-1c1fa276e925bf21711e7b46503f25072a082afa9d3e560d62a35e9b80fb92b5N

  • Size

    89KB

  • Sample

    240916-m2p62ateqj

  • MD5

    65d204573152cda205ec48d024510ff0

  • SHA1

    45e79478da8eadbbaecc107d76dc4377bfb86abc

  • SHA256

    1c1fa276e925bf21711e7b46503f25072a082afa9d3e560d62a35e9b80fb92b5

  • SHA512

    4705c1018082563accbd8f8d7ff1f23ced2472cfcbae165181409915900a904577fd1b35e9063f79a4088a17aca0f520887d2339b65875175975e76a30e0eff0

  • SSDEEP

    1536:/DTqRfhL1/Ed/1SuZ3RVMWf6uQlIMl/ZaZ3RQsD68a+VMKKTRVGFtUhQfR1WRaRR:/0Lm/GlTlBY3eNr4MKy3G7UEqMM6

Malware Config

  • Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-1c1fa276e925bf21711e7b46503f25072a082afa9d3e560d62a35e9b80fb92b5N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks