General

  • Target

    ed3ee5d24eb6c0cc2ece39ee104626aa_JaffaCakes118

  • Size

    705KB

  • Sample

    240411-mwtbhada4y

  • MD5

    ed3ee5d24eb6c0cc2ece39ee104626aa

  • SHA1

    4b72d7ada5932a9980d521325f4bb7f8b39396b3

  • SHA256

    fe69326fb24b5c83fa532166371c23b0707b910b96233b9db22130fa2131adab

  • SHA512

    9b5de1c6febb33aab504aa46813c24377177f48d9624436f1d247191d3631c997bf552becccaae000bdc21da67c9ef192258032b5784a417432a6fec14d3faed

  • SSDEEP

    12288:8DJnJM4OpSpnO8kTQlgtBLDAChznzLW7naDjRrI31vjAmAmvMY:AJnJM4OqTWqiBLcChznzLW7nOjRrI316

Malware Config

Targets

    • Expiro, m0yv

      Expiro, aka m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks