General

  • Target

    e5dc34afb55fdb6978f7c801dc27b876_JaffaCakes118

  • Size

    705KB

  • Sample

    240407-zyn6saeh27

  • MD5

    e5dc34afb55fdb6978f7c801dc27b876

  • SHA1

    59e48cfb682e434ba2a71e62636f97227f759f16

  • SHA256

    e1d43b0876f233846af9c177b86e3d614aa8b1661175d925fd4359777d5c2d58

  • SHA512

    df9d0c346e821d89ad280d395fe88b98fd445f9b315434f6d3ffd8fde993493b332b18c753def0e6e1447f96f4ba26a88ff7eac42bce0a14a36c4df5ac1dd008

  • SSDEEP

    12288:ADJnJM4OpSpnO8kTRlha6zB0sVZ2wfNjH2NSm6AwhqR1ja:kJnJM4OqTWvpFZ8Sm6fAR1j

Targets

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
