General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-bdf54f12f34dc43d50bd7166ad830af914d717af9d82b478cbaa17f448406d0dN

  • Size

    72KB

  • Sample

    240916-tcm4pswerj

  • MD5

    a1af7b5ffbea4a594c6016c21d07a2e0

  • SHA1

    1b73dbc1d8a767919ca65b4d38fd1c0fcdbfcd51

  • SHA256

    bdf54f12f34dc43d50bd7166ad830af914d717af9d82b478cbaa17f448406d0d

  • SHA512

    701c607dcd0cfc730a2beb99ba588042a7826779fd4e889d5bd643a05da2f5de21f360f2c6628b8a28ced05cdc6c7a5361ab06421cef1bd9c5a1be1168c604cd

  • SSDEEP

    1536:4az+YKyVF0UWFqwf7uatxON27BBNMZmU3uN8NVJDGRRQwDbEyRCRRRoR4Rk4:4azfFWFqwzRtAN27B4jnJDGRemEy032+

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks