General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-17e5a5d83feea60cdc1323c766f470e2b001f7d9c6626c51d4ee8418160e3dfdN

  • Size

    93KB

  • Sample

    240916-njc97avcrd

  • MD5

    c094b2d05ba1149d7ffd07b82d040180

  • SHA1

    a80868ded306d4b9c1b15000b6b36f9ccb5e35db

  • SHA256

    17e5a5d83feea60cdc1323c766f470e2b001f7d9c6626c51d4ee8418160e3dfd

  • SHA512

    d9f447bd57bd12682558b42004e1bf30bb3f0aabbed1eaf925d61a8b0b0d4f8f33be954c3d8d57c6e1b1cff955f79fb9a2324b5f8d86b435bf161bece5824692

  • SSDEEP

    1536:H8CVFie1IrmTS66b4zF2A10hzXOdYF8XEvXhWTbjiwg58:c7e1Ij+2A10B8X2XhWbY58

Malware Config

Extracted

  • Family

    berbew

  • C2

    http://f/wcmd.htm

    http://f/ppslog.php

    http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-17e5a5d83feea60cdc1323c766f470e2b001f7d9c6626c51d4ee8418160e3dfdN

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
