General

  • Target

    fc782acb93cd225307863100c298b4fc_JaffaCakes118

  • Size

    709KB

  • Sample

    240420-lpk6wadf86

  • MD5

    fc782acb93cd225307863100c298b4fc

  • SHA1

    26430093bc9d396eb2068260eb81f6ce90dbf2ca

  • SHA256

    09968cc4028cce1a1a3008a1829f745e3696a3745ab58c0c1e401a57eb6e9add

  • SHA512

    fcd650fd49554bc159d246c27c9a4cbf533bee598dd66ff7cae6ff96893e3ed59daf5647e5f060d8c5033977b12899fef454db475b82669af19c24db323000c3

  • SSDEEP

    12288:/DJnJM4OpSpnO8kTalJO6K7dzew9OZ4FmPTd9P3AF/+tVUZI3LSY:LJnJM4OqTW8JOldeuOZ4Ibn+/+tVUS37

Malware Config

Targets

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks