General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-28fdb0e00f1f7bb50f00abf66ce5c27f4c0471779d1f6d5ca526c148b87e3afdN

  • Size

    92KB

  • Sample

    240916-m43j5stfpp

  • MD5

    80765c98ec3216354f5fd1776b290950

  • SHA1

    81a418f1ebb8bcec07b428e4b40532a32c1d2e36

  • SHA256

    28fdb0e00f1f7bb50f00abf66ce5c27f4c0471779d1f6d5ca526c148b87e3afd

  • SHA512

    8cd8a607ed10b08e29b581ad1d6f354a9a522ec30ff054e5a2e05168f18b995b1beafb1b11d8df30b4b2d75c2caf9a217133ad7d8023bc1a6364b2bfbf4b4969

  • SSDEEP

    1536:akiXrbKLkkD3MsBeVFaD1cve+GrI7erkYkjjPtxOtDnKQrUoR24HsUs:1iXn7sBS6HfrjkvO46THsR

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks