General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-b48f23d51f7cc5b75cd01d161305c6863711e9f2a7dfe737ce0eb23ae91bb391N

  • Size

    72KB

  • Sample

    240916-m685pstfqg

  • MD5

    45d1d3f82702b33b4916941181f4c350

  • SHA1

    31bc0e37cb5cdaa13322e325376620ea706fca1c

  • SHA256

    b48f23d51f7cc5b75cd01d161305c6863711e9f2a7dfe737ce0eb23ae91bb391

  • SHA512

    e47c1750421a1dc531e088afaf32638ca2f9ae9ad0c72c57ce8ec132926173c339dbacf70692d3b3ae0c694cd3ef24498d117fff8ce0ece683cacb8e91272849

  • SSDEEP

    1536:hIhpkwhEA7rfmipWmjYA+Mppg3pF/zHbPDXrfTn7vj3LHbPDX8wMRIkQsY0g8oEd:qpSwWOIF/zHbPDXrfTn7vj3LHbPDX8w4

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-b48f23d51f7cc5b75cd01d161305c6863711e9f2a7dfe737ce0eb23ae91bb391N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15