General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-5e2981480ec1b6fc6b1fac98304311e37a5af7e8c985593b2b115b58f27e588cN

  • Size

    89KB

  • Sample

    240916-m5zjwatfkh

  • MD5

    6c23fe4959a1fef73fb3dd48cf6a8340

  • SHA1

    f5971618cc69b5f8254f433c8fda790958f2c3bd

  • SHA256

    5e2981480ec1b6fc6b1fac98304311e37a5af7e8c985593b2b115b58f27e588c

  • SHA512

    7161654a80d217cbe47211f73700b6f482fc29c19399aae20239de18f039f87e640bd1f7acdf9ba5aecb6e6d8ecacfdf854674e239ea959bc98749f10943780a

  • SSDEEP

    1536:i3muXS16FN/2SN0dufdSIB1uf105+TlTtpppDq4TjLxXRQj4R+KRFR3RzR1URJrF:mmuXSa/zSe0W1u10MTlTtpppDq4TJXeV

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks