General

  • Target: Backdoor.Win32.Padodor.SK.MTB-082fe0037302d323ebaeb8a3ce975e1ef968823888a16a4df61ebf7210556142N
  • Size: 89KB
  • Sample: 240916-mya8pstcpa
  • MD5: f90932c57763ffd449ec437f84ed6180
  • SHA1: 49e5f6aa312e4f3873ba52e3e13e5e962a6130e1
  • SHA256: 082fe0037302d323ebaeb8a3ce975e1ef968823888a16a4df61ebf7210556142
  • SHA512: 571fe05a102933805164ae8fc714c3e8a90a79b58d2121ac0d918266473dbdde91802e5cb91efd9cc42d2567898662cfd62db9a62e8d90a6b8a088c993248dcb
  • SSDEEP: 1536:fKFRwxnlAq6FI7dd2iIBzpvs16lopzQEnOxIKRQafD68a+VMKKTRVGFtUhQfR1Wy:fKFqxnlAFUdSBzpvsrpwea2r4MKy3G7r

Malware Config

Extracted

  • Family: berbew
  • C2:
    http://viruslist.com/wcmd.txt
    http://viruslist.com/ppslog.php
    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks