General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-b6fd7e63a61face4ccb174f2905bb6c9470b87eb20832a6a1b75494ba4413a96N

  • Size

    120KB

  • Sample

    240916-rw3mdssfmg

  • MD5

    de34e7c7711443a8d53f35e9b52bc680

  • SHA1

    a61bf6461ef475b927d9b542c78775b5b8e47e1d

  • SHA256

    b6fd7e63a61face4ccb174f2905bb6c9470b87eb20832a6a1b75494ba4413a96

  • SHA512

    762143085b3edb4460743c944ee8b6b02726e4c0da171ee0b3ac6a3092045f35d6269e15446e9a3c24e42e016de3ab2a2826e840ca1e6327bfa936b327f320dc

  • SSDEEP

    3072:KebP4FTfRs8mB9Kxep203H/6TC+qF1SsB1bw4AVRrd9:Kez4k8CYEp9C81NBy9

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-b6fd7e63a61face4ccb174f2905bb6c9470b87eb20832a6a1b75494ba4413a96N

    • Size

      120KB

    • MD5

      de34e7c7711443a8d53f35e9b52bc680

    • SHA1

      a61bf6461ef475b927d9b542c78775b5b8e47e1d

    • SHA256

      b6fd7e63a61face4ccb174f2905bb6c9470b87eb20832a6a1b75494ba4413a96

    • SHA512

      762143085b3edb4460743c944ee8b6b02726e4c0da171ee0b3ac6a3092045f35d6269e15446e9a3c24e42e016de3ab2a2826e840ca1e6327bfa936b327f320dc

    • SSDEEP

      3072:KebP4FTfRs8mB9Kxep203H/6TC+qF1SsB1bw4AVRrd9:Kez4k8CYEp9C81NBy9

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks