General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-03a6d985765b30f180ee658259e5c7d8d8bb105f51dcc785f719cc8d927cc3e4N

  • Size

    96KB

  • Sample

    240916-nm7m7svfmr

  • MD5

    4aa0414ed8290d747090a0e7b4ba1da0

  • SHA1

    d8d188d3ad920e6881a015ac4a8fcd7be0a9e8c0

  • SHA256

    03a6d985765b30f180ee658259e5c7d8d8bb105f51dcc785f719cc8d927cc3e4

  • SHA512

    d7abf670fe82734386189c3227e8e9ecb380dbba2392b026fc4331dda6c611b1d9831745da85a719dfa342eaa4307669d40d90a65400d8535a61c3ac07416135

  • SSDEEP

    1536:KoEkORoirMttuiyZW3q0wG5+6mCw8XXU8KeShrUQVoMdUT+irF:Kzk4Mu7Z8q0wZCw8XXFKeShr1Rhk

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
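
The three C2 strings above are URL templates rather than live addresses: the host "f" is assumed here to be a placeholder left unresolved by the config extractor, and the piplog.php query is a printf-style format string whose nine colon-separated fields the implant fills in at runtime. The following Python is an added example, not part of the original report or of any sandbox tooling; it compiles those templates into regular expressions (honouring the %09u and %02d widths) and runs them over constructed proxy-log lines. The sample log lines, the placeholder-host assumption and the decision to match on the path alone are mine.

```python
import re

# Berbew/Padodor C2 URL templates as extracted from this sample's config.
# The host component ("f") is assumed here to be an unresolved placeholder
# left by the config extractor, so detection keys on the request path only.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf-style conversions that occur in the beacon template.
_FMT_RE = re.compile(r"%(?P<zero>0?)(?P<width>\d*)(?P<conv>[sdiu])")


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Compile a C2 URL template into a regex over the path and query.

    %s becomes a run of characters without the ':' field separator, %d/%i a
    signed integer, %u an unsigned one; a zero-padded width such as %09u or
    %02d becomes a minimum digit count, which is how printf renders it.
    """
    path_and_query = template.split("://", 1)[1].split("/", 1)[1]
    parts, pos = [], 0
    for m in _FMT_RE.finditer(path_and_query):
        parts.append(re.escape(path_and_query[pos:m.start()]))
        conv, width = m.group("conv"), m.group("width")
        digits = r"\d{%s,}" % width if width else r"\d+"
        if conv == "s":
            parts.append(r"[^:&\s]+")
        elif conv == "u":
            parts.append(digits)
        else:
            parts.append("-?" + digits)
        pos = m.end()
    parts.append(re.escape(path_and_query[pos:]))
    # The path must start right after a "/" and end at whitespace or EOL.
    return re.compile(r"(?<=/)" + "".join(parts) + r"(?=\s|$)")


COMPILED = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def find_beacons(log_lines):
    """Return one record per log line whose URL matches a Berbew C2 template."""
    hits = []
    for lineno, line in enumerate(log_lines, 1):
        for template, rx in COMPILED:
            m = rx.search(line)
            if m:
                matched = m.group(0)
                fields = matched.split("?", 1)[1].split(":") if "?" in matched else []
                hits.append({"line": lineno, "template": template,
                             "url_tail": matched, "fields": fields})
                break
    return hits


# Constructed proxy-log lines for demonstration only (not real traffic).
SAMPLE_LOG = """\
1726492800.123 10.0.0.5 GET http://203.0.113.7/wcmd.htm 200
1726492801.456 10.0.0.5 GET http://203.0.113.7/piplog.php?WIN-7K3Q:1:0:abc:000123456:5:09:15:33 200
1726492802.789 10.0.0.9 GET http://203.0.113.7/piplog.php?notabeacon 404
1726492803.000 10.0.0.9 GET http://example.test/index.php 200
""".splitlines()

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Because the real host is unknown, these patterns are for hunting in proxy or web logs, not for block rules. A bare request for wcmd.htm is a weak indicator on its own; the nine-field, colon-separated piplog.php query with a nine-digit unsigned field and three two-digit fields is the distinctive part, and only lines that satisfy those widths are reported.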

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-03a6d985765b30f180ee658259e5c7d8d8bb105f51dcc785f719cc8d927cc3e4N

    • Size

      96KB

    • MD5

      4aa0414ed8290d747090a0e7b4ba1da0

    • SHA1

      d8d188d3ad920e6881a015ac4a8fcd7be0a9e8c0

    • SHA256

      03a6d985765b30f180ee658259e5c7d8d8bb105f51dcc785f719cc8d927cc3e4

    • SHA512

      d7abf670fe82734386189c3227e8e9ecb380dbba2392b026fc4331dda6c611b1d9831745da85a719dfa342eaa4307669d40d90a65400d8535a61c3ac07416135

    • SSDEEP

      1536:KoEkORoirMttuiyZW3q0wG5+6mCw8XXU8KeShrUQVoMdUT+irF:Kzk4Mu7Z8q0wZCw8XXFKeShr1Rhk

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks