General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-d79df2bdfcc20b9fb35728a37852132d520277a127f3d3606b673470838dc942N

  • Size

    89KB

  • Sample

    240916-nhg7ravcpa

  • MD5

    b8678f8b730d0a172091e0674b917590

  • SHA1

    6ea47576a34fdc5092dd3750c3fe4d66a7a3dd66

  • SHA256

    d79df2bdfcc20b9fb35728a37852132d520277a127f3d3606b673470838dc942

  • SHA512

    43d150d7145c967070c3b9158b657c502d2984735ec7a48f9bf34b76257b03b6491cb7507441c061780e21872a7efd7f082d0d41e1473038c2963c3bd8daa3b3

  • SSDEEP

    1536:bOGZInhO7DxzdJezYm02nNGTM1iW9OLRQyR+KRFR3RzR1URJrCiuiNj5QkMMWRkT:bOGShEDxzdSYB2NGTMcLeyjb5ZXUf2ib

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://viruslist.com/wcmd.txt

    http://viruslist.com/ppslog.php

    http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-d79df2bdfcc20b9fb35728a37852132d520277a127f3d3606b673470838dc942N

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15