General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-282773f57ede726121efb38decce24e3c898b712d6f9d973a369590571b0657dN

  • Size

    96KB

  • Sample

    240916-rxzbcssgmk

  • MD5

    ac620df1662a9010193abc3788b64e40

  • SHA1

    5fc37bc40894b2196dc8f645d9208225757097e0

  • SHA256

    282773f57ede726121efb38decce24e3c898b712d6f9d973a369590571b0657d

  • SHA512

    9422485d74cb4d6deba35daf402548d7b164d633e43c8225f9a76ccd8af8c6178e61e04522b86e8afeaf21ed8935780c20bff19065aa3f387d72e5dc138ae689

  • SSDEEP

    1536:yBlZCrAxzk0uXoyuz+3sODPq0gb6O77q0GsQaHbZc3uYip+EbduV9jojTIvjrH:y3MrszLZyX8OD2WO7OeZG3Yd69jc0vf

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-282773f57ede726121efb38decce24e3c898b712d6f9d973a369590571b0657dN

    • Size

      96KB

    • MD5

      ac620df1662a9010193abc3788b64e40

    • SHA1

      5fc37bc40894b2196dc8f645d9208225757097e0

    • SHA256

      282773f57ede726121efb38decce24e3c898b712d6f9d973a369590571b0657d

    • SHA512

      9422485d74cb4d6deba35daf402548d7b164d633e43c8225f9a76ccd8af8c6178e61e04522b86e8afeaf21ed8935780c20bff19065aa3f387d72e5dc138ae689

    • SSDEEP

      1536:yBlZCrAxzk0uXoyuz+3sODPq0gb6O77q0GsQaHbZc3uYip+EbduV9jojTIvjrH:y3MrszLZyX8OD2WO7OeZG3Yd69jc0vf

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks