General

  • Target

    Backdoor.Win32.Padodor.SK.MTB12c40a3dc5ad167c654113bb9014b120bed26e5aa65b18de37450226010e594aN

  • Size

    72KB

  • Sample

    240916-tpan5sxbrm

  • MD5

    ca893551575fcbc52d1f31c19ec39290

  • SHA1

    1796d1d0c6cc402a8bd05b795a001619d4c39180

  • SHA256

    12c40a3dc5ad167c654113bb9014b120bed26e5aa65b18de37450226010e594a

  • SHA512

    5028cd6dcdece67fe1e010aa7d97b418960206ccc5f2701a4a06c7621f65163dd094632f06b64e5d8bfab9911f5ccb9a5e960af76deeb356ee0e456e6dc9211f

  • SSDEEP

    1536:EG0rt5Nw2Ke8spehgiEpW9uPlekC/wwLAIVTN:ERNw2U1gCUPl7p3In

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Adds autorun key to be loaded by Explorer.exe on startup

    • Berbew

      Berbew is a backdoor written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory