General

  • Target

    e89d42e8739f1d730eadced6f6a5f428_JaffaCakes118

  • Size

    672KB

  • Sample

    240408-2tqj6aeb82

  • MD5

    e89d42e8739f1d730eadced6f6a5f428

  • SHA1

    b4975a178d419b2b47d4a9b5130ea3e0b9d991f4

  • SHA256

    043826693f7236e5353ed0f60818002fbf8122af64cb48e030fc6ce2071a48d2

  • SHA512

    e6b14bd8cc8d2735ff3f38c532341205b46e54910ec2ae5afcb2526ec79ef71fa43b50ed6d76a37b374b45e249582277775b00b60398f93cb7b0a0e828f4275b

  • SSDEEP

    12288:kCCGxTSAe2mjiVg69cvigIUeNyz9bkaF/j3yAfh3xU+LQcPWswdc:kClx20gKgIUY8eXJcrwy

Malware Config

Targets

    • Target

      e89d42e8739f1d730eadced6f6a5f428_JaffaCakes118

    • Size

      672KB

    • MD5

      e89d42e8739f1d730eadced6f6a5f428

    • SHA1

      b4975a178d419b2b47d4a9b5130ea3e0b9d991f4

    • SHA256

      043826693f7236e5353ed0f60818002fbf8122af64cb48e030fc6ce2071a48d2

    • SHA512

      e6b14bd8cc8d2735ff3f38c532341205b46e54910ec2ae5afcb2526ec79ef71fa43b50ed6d76a37b374b45e249582277775b00b60398f93cb7b0a0e828f4275b

    • SSDEEP

      12288:kCCGxTSAe2mjiVg69cvigIUeNyz9bkaF/j3yAfh3xU+LQcPWswdc:kClx20gKgIUY8eXJcrwy

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks