General

  • Target

    f576fb70250aecee421413812165b2cf_JaffaCakes118

  • Size

    705KB

  • Sample

    240417-ldsftacd9v

  • MD5

    f576fb70250aecee421413812165b2cf

  • SHA1

    b47c89f5ee4b67e344d7981b3b1b7be96f31f04c

  • SHA256

    8e7cb0d2a8b6bef4d3593241f68d25043a559db262b51e332cb2dc5e6dc9d76b

  • SHA512

    95817095003b6aeb11ef5080acb0f3af3ead2fb3eb1c1a7e2e3b1c6fcb931f9a96bcae0da1dfdfca3bdc06d60c40da54adb98c23d99f7cd3a2ac25107653adfa

  • SSDEEP

    12288:tDJnJM4OpSpnO8kTZlMro5FB4ODBrfpl7NvrZlcGakjKTQF17yPft5QCbX:VJnJM4OqTW34WFB4ODd7NNlqkjxFJcTv

Malware Config

Targets

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks