General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-c7f54c59d75c1dcacebd2fa87da76a120db2e43ca61374579a51aa4bf3c63dd5N

  • Size

    94KB

  • Sample

    240916-r1g69ashqq

  • MD5

    e8dea2d926648de9b6253247d12afda0

  • SHA1

    4517fa3f69414c6590effd63f60e36f05fbf8b24

  • SHA256

    c7f54c59d75c1dcacebd2fa87da76a120db2e43ca61374579a51aa4bf3c63dd5

  • SHA512

    d24d2e00f6c8c5a00140f4e9b1c448912f2cc10789ead0c13cc59dec64b5408120a3c4fdef6a34d9defbe6d106ed87c77115ec41ff797ad3e3778b98cf30a1dc

  • SSDEEP

    1536:V/T5MMNDqGOYtQg7MjR4jJrp3J1eBrqbp/SU/VRQD8WRfRa9HprmRfRZ:V/dt2GFv76trqbp/SUteD8W5wkpv

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-c7f54c59d75c1dcacebd2fa87da76a120db2e43ca61374579a51aa4bf3c63dd5N

    • Size

      94KB

    • MD5

      e8dea2d926648de9b6253247d12afda0

    • SHA1

      4517fa3f69414c6590effd63f60e36f05fbf8b24

    • SHA256

      c7f54c59d75c1dcacebd2fa87da76a120db2e43ca61374579a51aa4bf3c63dd5

    • SHA512

      d24d2e00f6c8c5a00140f4e9b1c448912f2cc10789ead0c13cc59dec64b5408120a3c4fdef6a34d9defbe6d106ed87c77115ec41ff797ad3e3778b98cf30a1dc

    • SSDEEP

      1536:V/T5MMNDqGOYtQg7MjR4jJrp3J1eBrqbp/SU/VRQD8WRfRa9HprmRfRZ:V/dt2GFv76trqbp/SUteD8W5wkpv

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks