General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-35f395ce4b3ce8412a018f0ef271c2434b885f959942147006b00107eaffe7c7N

  • Size

    71KB

  • Sample

    240916-m6tp1stgmp

  • MD5

    79cfd93a85946e540c7e321e52fbbda0

  • SHA1

    bd765537b2fb8a3d4ec54f9e44152f7f5248fe48

  • SHA256

    35f395ce4b3ce8412a018f0ef271c2434b885f959942147006b00107eaffe7c7

  • SHA512

    65208fe8e9987ec88ee87b4e36eb22a99b588428538848f0a9d4c614f49ed885190e05ab665ff419af4c920835ceb90ce1caf5da48b9b68b025cbde8dea0f014

  • SSDEEP

    1536:HKYk5trc+RUEYst3G/APP6QTryUzNhvOEdbuRQIDbEyRCRRRoR4Rk:HmHDRUBd2AUz3bueeEy032ya

Malware Config

  • Extracted

    Family

    berbew

    C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
