General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-e3ec4fab1e22ad3d838a2c7851525c87de487b15731a36ba55b66b4660957c88N

  • Size

    95KB

  • Sample

    240916-tnp3faxbpm

  • MD5

    23399bfaded036de0d913e9996dd7f40

  • SHA1

    b2c6f6fb361b9cb1d0b0809eff925569daa71774

  • SHA256

    e3ec4fab1e22ad3d838a2c7851525c87de487b15731a36ba55b66b4660957c88

  • SHA512

    1499846be3c196b3b172b3a3147c885e8b8bf6e8cecbf589c0813cda1d62222b5549c8768f71bad3da9d81b92407e86637acbd5e717a27338d0871c88360c1d1

  • SSDEEP

    1536:YXb/IkOB8yyj13Rii/+mA3YKEVez8rHCfTrJRQrfRVRoRch1dROrwpOudRirVtF/:qIkO8yyZ3n+b3YKEPrHCfTrJejTWM1dK

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory
