General

  • Target

    f5e803f430fcd2bb59b59604d3b42063_JaffaCakes118

  • Size

    705KB

  • Sample

    240417-qza6wabf5t

  • MD5

    f5e803f430fcd2bb59b59604d3b42063

  • SHA1

    22b93f1ece7ccfb039acf7ff6d164e9ba3977034

  • SHA256

    084f787a0c52d0282f9867cb2555ef2ff38185c35f4165115fe6082671623da8

  • SHA512

    9742ba227bae6ffaa93ceb823dd2792d3c7e49548c9d6a042c79bc18290d4cd8636e57f2841a9b7832f5ba45b715215ede9f9bb13511a9f434ab69b7bda1b62e

  • SSDEEP

    12288:9DJnJM4OpSpnO8kTslsIqrQAq/LE9Eb97BeGdypTRvcoI:lJnJM4OqTWWsIqrQAq/LE9EJ7BeGd46o

Malware Config

Targets

    • Target

      f5e803f430fcd2bb59b59604d3b42063_JaffaCakes118

    • Size

      705KB

    • MD5

      f5e803f430fcd2bb59b59604d3b42063

    • SHA1

      22b93f1ece7ccfb039acf7ff6d164e9ba3977034

    • SHA256

      084f787a0c52d0282f9867cb2555ef2ff38185c35f4165115fe6082671623da8

    • SHA512

      9742ba227bae6ffaa93ceb823dd2792d3c7e49548c9d6a042c79bc18290d4cd8636e57f2841a9b7832f5ba45b715215ede9f9bb13511a9f434ab69b7bda1b62e

    • SSDEEP

      12288:9DJnJM4OpSpnO8kTslsIqrQAq/LE9Eb97BeGdypTRvcoI:lJnJM4OqTWWsIqrQAq/LE9EJ7BeGd46o

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks