General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-1c11ed1b3384146252d5a54c244b950ac098910e293ca6a4b55a37db72e75563N

  • Size

    96KB

  • Sample

    240916-myssratdnq

  • MD5

    ee159347d3eec9fd3881760f65072400

  • SHA1

    8ac9ef65ab4002a7528eee39254d75cbabb71794

  • SHA256

    1c11ed1b3384146252d5a54c244b950ac098910e293ca6a4b55a37db72e75563

  • SHA512

    3034bb464796e73f48f15fc051a40fbc3e1be483f7ae598ed4ecb34c992c89924b5a0aeb60a5e0e4f3b5d7f5e3def055af0443d14e48dc65a7c320319243451a

  • SSDEEP

    3072:c0UQINwXeDUE7AJEc0sqh+egI0B1/v4Gkd69jc0v:rUQ+wkgz0sqgB14Gkd6NV

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
