General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-45a2719352e50f664758feff146fddd735f2c522ea25e0395047cec53a017d2aN

  • Size

    96KB

  • Sample

    240916-nlyznsverl

  • MD5

    f908c2632dac9376a28df1c82bc1a830

  • SHA1

    97b0f03a42a9fdbf85c22daaf91aaeaef45f009d

  • SHA256

    45a2719352e50f664758feff146fddd735f2c522ea25e0395047cec53a017d2a

  • SHA512

    e82f476ca4abe02afef522e1a9bcaf8db399e8a9f5240acf2ec6e3966a864038459a72c5856f8d245c4ec89e8db6d6fcb156766b7e2f22c29f89701be5275fd8

  • SSDEEP

    1536:kVsw80iqV92fOCxRwJ2gWxazGSQTWUWMUJTb085VrPzZaHFFfUN1Avhw6JCMd:kVMbgWxkGTTRUJ30OBlcFFfUrQlMW

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
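The `piplog.php` entry above is a C `printf` format string, not a literal URL: the sample fills in the `%s`/`%i`/`%09u`/`%02d` fields at runtime, so a proxy-log search for the path as printed will never hit. The following is an added example, not code from the report or from the sandbox that produced it. It turns the three extracted paths into regular expressions that match what the rendered beacon would look like, runs them over a few constructed proxy-log lines, and also checks arbitrary bytes against the hash IOCs listed in the General section. It assumes the host `f` is an extractor placeholder rather than the real C2 host, so matching keys on path and query only, and the log line layout (timestamp, client, method, URL, status) is an assumption for illustration.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Hashes of the sample exactly as listed in the report.
IOC_HASHES = {
    "md5": "f908c2632dac9376a28df1c82bc1a830",
    "sha1": "97b0f03a42a9fdbf85c22daaf91aaeaef45f009d",
    "sha256": "45a2719352e50f664758feff146fddd735f2c522ea25e0395047cec53a017d2a",
    "sha512": "e82f476ca4abe02afef522e1a9bcaf8db399e8a9f5240acf2ec6e3966a864038459a72c5856f8d245c4ec89e8db6d6fcb156766b7e2f22c29f89701be5275fd8",
}

# C2 paths from the extracted config. "f" is the host the extractor printed and is
# assumed to be a placeholder, so matching below ignores the host entirely.
C2_PATH_FORMATS = [
    "/wcmd.htm",
    "/ppslog.php",
    "/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

_SPEC = re.compile(r"%(\d*)([sdiu])")


def printf_to_regex(fmt: str) -> str:
    """Turn a printf-style format string into a regex matching its rendered output.

    Covers the conversions present in the extracted config: %s, %i/%d, %u and
    zero-padded widths such as %09u and %02d. A width N becomes "at least N
    digits", because printf pads to the width but never truncates.
    """
    pieces = []
    pos = 0
    for m in _SPEC.finditer(fmt):
        pieces.append(re.escape(fmt[pos:m.start()]))
        width, conv = m.groups()
        n = int(width.lstrip("0") or "0")
        digits = rf"\d{{{n},}}" if n else r"\d+"
        if conv == "s":
            pieces.append(r"[^:&\s]*")   # a %s field runs up to the next ':' separator
        elif conv == "u":
            pieces.append(digits)
        else:                              # %i / %d may carry a sign
            pieces.append("-?" + digits)
        pos = m.end()
    pieces.append(re.escape(fmt[pos:]))
    return "".join(pieces)


C2_PATH_REGEXES = [re.compile("^" + printf_to_regex(f) + "$") for f in C2_PATH_FORMATS]


def is_c2_path(path_and_query: str) -> bool:
    """True if a request path (including its query string) matches one of the C2 URL shapes."""
    return any(rx.match(path_and_query) for rx in C2_PATH_REGEXES)


def hash_bytes(data: bytes) -> dict:
    """Digest `data` with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def matching_ioc_hashes(data: bytes) -> list:
    """Names of the algorithms whose digest of `data` equals the report's value."""
    return [name for name, digest in hash_bytes(data).items() if digest == IOC_HASHES[name]]


# Constructed proxy-log lines (not from the report): timestamp, client, method, URL, status.
# The last line has a 5-digit value where the config demands a 9-digit zero-padded field.
SAMPLE_PROXY_LOG = """\
2024-09-16T10:01:02Z 10.0.0.5 GET http://example.invalid/index.html 200
2024-09-16T10:01:09Z 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200
2024-09-16T10:01:15Z 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN-HOST:1:2:user:000012345:3:01:02:03 200
2024-09-16T10:02:00Z 10.0.0.9 GET http://example.invalid/piplog.php?x:1:2:y:12345:3:01:02:03 404
"""


def scan_proxy_log(text: str) -> list:
    """Return (client, url) for every log line whose request path matches a C2 shape."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        client, url = fields[1], fields[3]
        parts = urlsplit(url)
        path = parts.path + ("?" + parts.query if parts.query else "")
        if is_c2_path(path):
            hits.append((client, url))
    return hits


if __name__ == "__main__":
    for client, url in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(f"C2 beacon shape from {client}: {url}")
    print("hash IOC match on empty input:", matching_ioc_hashes(b""))
```

The width handling matters in practice: `%09u` renders as at least nine digits, so a looser `\d+` would also fire on unrelated `piplog.php` traffic, while an exact `\d{9}` would miss values that overflow the pad. Treat the regexes as a hunting aid on proxy or web-server logs, then pivot to the destination host, which the extracted config does not reveal.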

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-45a2719352e50f664758feff146fddd735f2c522ea25e0395047cec53a017d2aN

    • Size

      96KB

    • MD5

      f908c2632dac9376a28df1c82bc1a830

    • SHA1

      97b0f03a42a9fdbf85c22daaf91aaeaef45f009d

    • SHA256

      45a2719352e50f664758feff146fddd735f2c522ea25e0395047cec53a017d2a

    • SHA512

      e82f476ca4abe02afef522e1a9bcaf8db399e8a9f5240acf2ec6e3966a864038459a72c5856f8d245c4ec89e8db6d6fcb156766b7e2f22c29f89701be5275fd8

    • SSDEEP

      1536:kVsw80iqV92fOCxRwJ2gWxazGSQTWUWMUJTb085VrPzZaHFFfUN1Avhw6JCMd:kVMbgWxkGTTRUJ30OBlcFFfUrQlMW

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15