General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-1c3498ad59115b9be0e66d0c6d69bfad7e93507cdd3d41a687bc9fa6f80fc16aN

  • Size

    89KB

  • Sample

    240916-m4ccysteng

  • MD5

    154ab8d5f8b09b87653e6447047eead0

  • SHA1

    27b20075e2f7153e000bbc0c7473f5e798374927

  • SHA256

    1c3498ad59115b9be0e66d0c6d69bfad7e93507cdd3d41a687bc9fa6f80fc16a

  • SHA512

    b5e1fce94c225105bd1f6245ede7a2f4dd1d979746952c8c6b9516d62442ef017a46ed10437bcb6a209687eeb83fc3904b2d29bc2f3d601c8b6ec4508c7b0834

  • SSDEEP

    1536:fb0hxd3PhpaFrl2VJsrZGkYKYaTdcAbiduM3jRQzR+KRFR3RzR1URJrCiuiNj5Q2:Kd32724rZGkpOyGTTezjb5ZXUf2iuOjH

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks