General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-5bc177546d6cef26c60479967ed37928409a7567168717c9eb1a29530cd78eb9N

  • Size

    89KB

  • Sample

    240916-tp1kkaxclj

  • MD5

    389b3607410d9b4c80abe5b54f483970

  • SHA1

    a2c08e4768f0d32728936cdd12d735247cc1b8ab

  • SHA256

    5bc177546d6cef26c60479967ed37928409a7567168717c9eb1a29530cd78eb9

  • SHA512

    66c075b964e4fd6c63f96c737427e26176f213944614b9229d74fa14c217421cc79a57b6bdc34caf75e0aa468e46accab826d200bf55598e7faee6103f9cfbb8

  • SSDEEP

    1536:jFdJzB0Ccib47iHbyLIKq+4P8+1e8aYN+ugtrURQTD68a+VMKKTRVGFtUhQfR1Wy:xdJxciMWHzKqP8+1PYUeSr4MKy3G7UEb

Malware Config

Extracted

Family

berbew

C2

http://viruslist.com/wcmd.txt

http://viruslist.com/ppslog.php

http://viruslist.com/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks