General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-1372a377412f2771de05fc4f9cc48dfa42f59d1052853e574ee498ea68fa3623N

  • Size

    71KB

  • Sample

    240916-nhc8ssvcne

  • MD5

    e61b180837ae6a5e4429ca996d938bf0

  • SHA1

    78458542a018d86b88db4e68f5197fe0afeb4087

  • SHA256

    1372a377412f2771de05fc4f9cc48dfa42f59d1052853e574ee498ea68fa3623

  • SHA512

    74b1c6aaaa244ca28729695ff7f6f4d13e029e3e2fa2b08c272c75a3321619fda0b6477b6963b9c09b5602288754084b12cc8b5ffef5ddcd5b84b993204d0875

  • SSDEEP

    1536:RImgaHZ7cVGIqWPNA6rw7/P4lN3xeb677nwnO4vh0qkOMRQuDbEyRCRRRoR4Rk:RKYZwYIqWw7i3xE27nwnO46cMeAEy03a

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-1372a377412f2771de05fc4f9cc48dfa42f59d1052853e574ee498ea68fa3623N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15