Overview

overview

10

Static

static

3

Backdoor.W...SK.exe

windows7-x64

10

Backdoor.W...SK.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Backdoor.Win32.Padodor.SK.MTB-03b55e920b82bb884ee698e87a098271a8eaa2c48025de44193fd412c78532adN

  • Size

    96KB

  • Sample

    240918-zwketatdnm

  • MD5

    be8dbacbb9ae5b8b7a18d05527207d00

  • SHA1

    d06e7bdcc3cb8decd630d70e7e69849b2f539c50

  • SHA256

    03b55e920b82bb884ee698e87a098271a8eaa2c48025de44193fd412c78532ad

  • SHA512

    adb447cfd0feeeb8b55f18942366f8505109b5cce5bf14f831bfcd874e7dafacc4d6f68a7cb84e41dbb11acc3c5c8d8be30e38a04d0cdb7735f5fff00fd9bfc0

  • SSDEEP

    3072:X3OCKw+0+w1g/F3zkQUGxQFE4SzX0CyRceG9d69jc0v:X3OG+m1g/pzkQjOu5zPyRceCd6NV

Score
10/10
berbewbackdoordiscoverypersistence

Malware Config

Extracted

Family

berbew

C2

http://f/wcmd.htm

http://f/ppslog.php

http://f/piplog.php?%s:%i:%i:%s:%09u:%i:%02d:%02d:%02d

Targets

    • Target

      Backdoor.Win32.Padodor.SK.MTB-03b55e920b82bb884ee698e87a098271a8eaa2c48025de44193fd412c78532adN

    • Size

      96KB

    • MD5

      be8dbacbb9ae5b8b7a18d05527207d00

    • SHA1

      d06e7bdcc3cb8decd630d70e7e69849b2f539c50

    • SHA256

      03b55e920b82bb884ee698e87a098271a8eaa2c48025de44193fd412c78532ad

    • SHA512

      adb447cfd0feeeb8b55f18942366f8505109b5cce5bf14f831bfcd874e7dafacc4d6f68a7cb84e41dbb11acc3c5c8d8be30e38a04d0cdb7735f5fff00fd9bfc0

    • SSDEEP

      3072:X3OCKw+0+w1g/F3zkQUGxQFE4SzX0CyRceG9d69jc0v:X3OG+m1g/pzkQjOu5zPyRceCd6NV

    Score
    10/10
    berbewbackdoordiscoverypersistence

    • Adds autorun key to be loaded by Explorer.exe on startup

      persistence

    • Berbew

      Berbew is a backdoor written in C++.

      backdoorberbew

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks