General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-b9d38722fcc797603c2e5080c86229429236f78371a200e105cf8ce2b7dd0488N

  • Size

    276KB

  • Sample

    240916-r1e2wsshjb

  • MD5

    7e28ad33531132dcd9d8c05295d1eed0

  • SHA1

    7639a03200f5a99d330e35d08485ef1c1bf36364

  • SHA256

    b9d38722fcc797603c2e5080c86229429236f78371a200e105cf8ce2b7dd0488

  • SHA512

    bd5b1a4e5a96819b1b223e47111d8183dcb6bba537e5d81590682a158ae5eb94e8d62bb44990a4e94a508e2e02fade63693c3a541d42d8291aacb3a12410878a

  • SSDEEP

    6144:4Ck+wlubO7IdWZHEFJ7aWN1rtMsQBOSGaF+:4C+uy+2HEGWN1RMs1S7

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d
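
The third C2 entry is a printf-style template: the sample fills in the `%s`/`%i`/`%09u`/`%02d` fields at run time before it beacons. The script below is an added example (not part of the sandbox report, and not the sample's own code) that turns the three extracted templates into regexes and runs them over proxy-log lines. The host "f" is left exactly as the config extractor recovered it and is ignored for matching; the log format and all log lines are constructed.

```python
"""Turn the printf-style C2 URL templates from the extracted Berbew config
into regexes and run them over proxy-log lines (constructed sample data)."""
import re
from urllib.parse import urlsplit

# URL templates as they appear in the extracted config. The host part ("f")
# is whatever the sandbox recovered; the sample fills in the real host at
# runtime, so only the path and query are used for matching.
C2_TEMPLATES = [
    "http://f/wcmd.htm",
    "http://f/ppslog.php",
    "http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d",
]

# printf conversion specifier: optional zero flag, optional width, type.
_CONV = re.compile(r"%(0?)(\d*)([sdiu])")


def _path_and_query(url: str) -> str:
    p = urlsplit(url)
    return p.path + ("?" + p.query if p.query else "")


def template_to_regex(template: str) -> "re.Pattern[str]":
    """Compile the path+query of a printf-style URL template into a regex.

    %s fields are separated by ':' in this template, so they are matched as
    "one or more characters that are not a separator"; %i/%d become signed
    integers, %u unsigned, and a zero-padded width such as %09u becomes
    "at least that many digits" (printf pads, it never truncates).
    """
    target = _path_and_query(template)
    out, pos = [], 0
    for m in _CONV.finditer(target):
        out.append(re.escape(target[pos:m.start()]))
        zero, width, conv = m.groups()
        if conv == "s":
            out.append(r"[^:/?&\s]+")
        else:
            sign = r"-?" if conv in "di" else ""
            out.append(sign + (r"\d{%s,}" % width if zero and width else r"\d+"))
        pos = m.end()
    out.append(re.escape(target[pos:]))
    return re.compile("".join(out))


COMPILED = [(t, template_to_regex(t)) for t in C2_TEMPLATES]


def match_request(url: str):
    """Return the config template a request URL matches, or None."""
    pq = _path_and_query(url)
    for template, rx in COMPILED:
        if rx.fullmatch(pq):
            return template
    return None


def find_beacons(log_text: str):
    """Scan 'timestamp client method url status' lines; return (client, host, template)."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        _ts, client, _method, url, _status = fields[:5]
        template = match_request(url)
        if template:
            hits.append((client, urlsplit(url).hostname, template))
    return hits


# Constructed proxy log: one infected host (10.0.0.15) beaconing to 203.0.113.7,
# plus benign traffic that shares a path name but not the template.
SAMPLE_LOG = """\
1726493461 10.0.0.15 GET http://203.0.113.7/wcmd.htm 200
1726493462 10.0.0.15 GET http://203.0.113.7/piplog.php?WIN-7QK2:1:0:abc:000123456:5:09:12:31 200
1726493463 10.0.0.22 GET http://example.com/index.php?id=1 200
1726493464 10.0.0.15 POST http://203.0.113.7/ppslog.php 200
1726493465 10.0.0.30 GET http://cdn.example.net/piplog.php 404
"""

if __name__ == "__main__":
    for client, host, template in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {host}  matches {template}")
```

Matching on the full path+query rather than on the bare file name is what keeps the last log line (a `/piplog.php` with no query) out of the results; the `wcmd.htm` and `ppslog.php` paths are generic enough that in production they should be combined with the destination host or with a second template hit from the same client before alerting.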

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-b9d38722fcc797603c2e5080c86229429236f78371a200e105cf8ce2b7dd0488N

    • Size

      276KB

    • MD5

      7e28ad33531132dcd9d8c05295d1eed0

    • SHA1

      7639a03200f5a99d330e35d08485ef1c1bf36364

    • SHA256

      b9d38722fcc797603c2e5080c86229429236f78371a200e105cf8ce2b7dd0488

    • SHA512

      bd5b1a4e5a96819b1b223e47111d8183dcb6bba537e5d81590682a158ae5eb94e8d62bb44990a4e94a508e2e02fade63693c3a541d42d8291aacb3a12410878a

    • SSDEEP

      6144:4Ck+wlubO7IdWZHEFJ7aWN1rtMsQBOSGaF+:4C+uy+2HEGWN1RMs1S7

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew (the family Kaspersky-style names such as the Padodor detection above refer to) is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
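
The four behaviour flags above describe one persistence chain: a DLL is dropped into System32, the dropped EXE registers it, and an autorun key makes Explorer.exe load it at logon. The script below is an added example, not the sandbox's signature code, that correlates a sandbox-style registry and file event trace into that finding. It assumes the Explorer-loaded autorun is a ShellServiceObjectDelayLoad (SSODL) entry, the mechanism Berbew/Padodor is usually documented to use; the report does not show which key its rule matched, so that mapping, the event format, the file names and the GUID are all constructed.

```python
"""Correlate sandbox registry/file events into the "autorun key loaded by
Explorer.exe" finding (constructed event trace, not the report's own data)."""
import re

# Assumption: the Explorer-loaded autorun is a ShellServiceObjectDelayLoad
# (SSODL) entry, the mechanism Berbew/Padodor is usually documented to use.
# The report does not show which key its signature matched.
SSODL = "\\currentversion\\shellserviceobjectdelayload\\"
RUN_KEYS = ("\\currentversion\\run\\", "\\currentversion\\runonce\\")

# HK..\...\CLSID\{guid}\InprocServer32\(Default) = path of the COM server DLL
CLSID_RX = re.compile(r"\\clsid\\(\{[0-9a-f-]{36}\})\\inprocserver32\\\(default\)$", re.I)
GUID_RX = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)


def analyze(events):
    """events: (kind, path, data) tuples with kind in {"file_write", "reg_set"}."""
    inproc, dropped = {}, set()
    # Pass 1: what the sample dropped, and which CLSIDs it registered.
    for kind, path, data in events:
        if kind == "file_write":
            dropped.add(path.lower())
        elif kind == "reg_set":
            m = CLSID_RX.search(path)
            if m:
                inproc[m.group(1).lower()] = data
    # Pass 2: autorun writes, enriched with the DLL the CLSID resolves to.
    findings = []
    for kind, path, data in events:
        if kind != "reg_set":
            continue
        low = path.lower()
        if SSODL in low:
            clsid = data.strip().lower() if GUID_RX.match(data.strip()) else None
            dll = inproc.get(clsid)
            findings.append({
                "technique": "SSODL autorun (loaded by explorer.exe)",
                "key": path,
                "clsid": data,
                "dll": dll,
                "dll_in_system32": bool(dll) and "\\system32\\" in dll.lower(),
                "dll_dropped_by_sample": bool(dll) and dll.lower() in dropped,
            })
        elif any(r in low for r in RUN_KEYS):
            findings.append({
                "technique": "Run key autorun",
                "key": path,
                "image": data,
            })
    return findings


# Constructed trace in the shape a sandbox emits: a DLL dropped into
# System32, registered as a COM server, then wired into SSODL; plus a
# plain Run key for contrast. Names and the GUID are placeholders.
SAMPLE_EVENTS = [
    ("file_write", r"C:\Windows\System32\Xyzabc.dll", None),
    ("reg_set",
     r"HKLM\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32\(Default)",
     r"C:\Windows\System32\Xyzabc.dll"),
    ("reg_set",
     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\Shell Helper",
     "{11111111-2222-3333-4444-555555555555}"),
    ("reg_set",
     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     r"C:\ProgramData\upd.exe"),
]

if __name__ == "__main__":
    for finding in analyze(SAMPLE_EVENTS):
        print(finding)
```

Resolving the SSODL value through the CLSID registration is the step that matters for response: the SSODL value itself is only a GUID, and the DLL that Explorer will actually load (and that needs to be collected before the key is removed) is the InprocServer32 path it points to. An SSODL write whose CLSID the sample never registered would surface with `dll` set to None and should be checked against the live registry rather than dismissed.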

MITRE ATT&CK Enterprise v15

Tasks