General

  • Target

    b8f787860e7d4c22566f5e5c654a12fd_JaffaCakes118

  • Size

    437KB

  • Sample

    240822-yvbkvavgpd

  • MD5

    b8f787860e7d4c22566f5e5c654a12fd

  • SHA1

    ea52082427026c3238e1c3602cb090608f3ff42c

  • SHA256

    16ad163acb968695c63915f871a53bd675aca580427c0ec09d55d0f365e1ff85

  • SHA512

    36c0071ff0f7429c148d24e85c034aa753b6b6ee8770aac0c11baf18e766b716fd1872317b58ccbb889bedb68600cdb81dae936cf9fc86660c92b28b61d4e812

  • SSDEEP

    6144:UwVwm2i+mKaN68U8Wdvym8fXZkd/L07IkX/c6MVO4zXUdn1NwBLDmFBF3UN:wri+m/A4Wx3Ug/LzARMVO4sNyDm3F3U

Targets

    • Expiro, m0yv

      Expiro (aka m0yv) is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15