General

  • Target

    50c901c5de9c7ab2d98dcea36067dc57116c85fde67eb54e7c515e7a24132cf9

  • Size

    632KB

  • Sample

    240418-1p3s9afg67

  • MD5

    29399b0159daab255cfa50b6acaf8fce

  • SHA1

    a386eb6c87295b909a698efbe1cf2243dbafccf6

  • SHA256

    50c901c5de9c7ab2d98dcea36067dc57116c85fde67eb54e7c515e7a24132cf9

  • SHA512

    ff6cdfaf280fb5fcb4ccc7a9b0c15b9129e1fdda5f838e0fd1b434f5577d1aff13ab00a7f0daec5d0b3cc4ac8a7b17ad9ac7d63155fb8b0aebabd5ab4490a2cf

  • SSDEEP

    12288:/SYFz/TXv+8prHqI8yJM+Rh4j+M0YCV5sIRcfT54dstkL0wh29K:nFjjv7pr21CbRM54aSL0oeK

Score
10/10

Malware Config

Targets

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Detects executables packed with VMProtect.

    • Expiro payload
