General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-641d8b228f852e75d78dceb058d7671a679599d56b2c3dfdd90f1e3e9b676c31N

  • Size

    96KB

  • Sample

    240916-mwnq1stbrc

  • MD5

    48b1a469e75e27bbf88cbc5349e59520

  • SHA1

    50b5af27414a500f69dc5c6d7670d7b40241e2f0

  • SHA256

    641d8b228f852e75d78dceb058d7671a679599d56b2c3dfdd90f1e3e9b676c31

  • SHA512

    f4aee01a2f5da4d7d75e2beb9457292494279646d6f83ac607e1175d58335af8b22d5c84fc98ae2c51d96978f86f527ab23a14a7cbe3a130c099658efb448e77

  • SSDEEP

    1536:3xoc7NwkXPdxGbTZhX7Arc1hWI4u24luVkLYvjwRQ+WbR5R45WtqV9R2R462izMR:3xVNwkXPzGbTZhXErc2T2ejwe+qHrtGD

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-641d8b228f852e75d78dceb058d7671a679599d56b2c3dfdd90f1e3e9b676c31N

    • Size

      96KB

    • MD5

      48b1a469e75e27bbf88cbc5349e59520

    • SHA1

      50b5af27414a500f69dc5c6d7670d7b40241e2f0

    • SHA256

      641d8b228f852e75d78dceb058d7671a679599d56b2c3dfdd90f1e3e9b676c31

    • SHA512

      f4aee01a2f5da4d7d75e2beb9457292494279646d6f83ac607e1175d58335af8b22d5c84fc98ae2c51d96978f86f527ab23a14a7cbe3a130c099658efb448e77

    • SSDEEP

      1536:3xoc7NwkXPdxGbTZhX7Arc1hWI4u24luVkLYvjwRQ+WbR5R45WtqV9R2R462izMR:3xVNwkXPzGbTZhXErc2T2ejwe+qHrtGD

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks