General

  • Target

    f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118

  • Size

    672KB

  • Sample

    240415-nj4r5sfe6s

  • MD5

    f0f21b42ad4fc3652edd2111eac1099b

  • SHA1

    0f555174e839b85c52e47eb5c66645d2ce1ac4c0

  • SHA256

    ec83c2c1eec33e0da96d042d70338877a95ab967b5882e1c6a2ebe8f11f62f0a

  • SHA512

    8cb7f96eb8c9d99b12883f148546715c495dec7e44df83bc22382319136e46a62c5470e0424dd8fdd39d6210845a4eedeea3f3d9826eb9713163b162c78e23db

  • SSDEEP

    12288:mCCGxTwAe2mjiVg69cvig2t8aLhREsG4w4hRtZx1afUbGe49:mClxc0gKg2tRREso4hTYsbxK

Malware Config

Targets

    • Target

      f0f21b42ad4fc3652edd2111eac1099b_JaffaCakes118

    • Size

      672KB

    • MD5

      f0f21b42ad4fc3652edd2111eac1099b

    • SHA1

      0f555174e839b85c52e47eb5c66645d2ce1ac4c0

    • SHA256

      ec83c2c1eec33e0da96d042d70338877a95ab967b5882e1c6a2ebe8f11f62f0a

    • SHA512

      8cb7f96eb8c9d99b12883f148546715c495dec7e44df83bc22382319136e46a62c5470e0424dd8fdd39d6210845a4eedeea3f3d9826eb9713163b162c78e23db

    • SSDEEP

      12288:mCCGxTwAe2mjiVg69cvig2t8aLhREsG4w4hRtZx1afUbGe49:mClxc0gKg2tRREso4hTYsbxK

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks