General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-08b49b97267a6161bdbbeac78c65fd388965516cc4f44a4578f5d15c4ed76654N

  • Size

    96KB

  • Sample

    240916-m5ff1atfjb

  • MD5

    b9eabcf47379b595c8fcb79df8366010

  • SHA1

    7edc2d41555fea6f7c7f8ca835241c447e8e7ec1

  • SHA256

    08b49b97267a6161bdbbeac78c65fd388965516cc4f44a4578f5d15c4ed76654

  • SHA512

    a16f61d6309957095e6cb9630030ba44da7757f31a1f8df6fc5c4aa9e36bb80969b57648d7cddf3406c70ba959d90e7cf492579e29a4ca6bb26e192cc626b6e5

  • SSDEEP

    1536:4V/hDIDMNCwbPt9/UCk7/OPjSJMxAIsnTfkA17tXgduV9jojTIvjrH:4bIDICKb8Sb9xAtzkA17tXgd69jc0vf

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-08b49b97267a6161bdbbeac78c65fd388965516cc4f44a4578f5d15c4ed76654N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks