General

  • Target

    c22d6935430f2a674dc4717045066c65_JaffaCakes118

  • Size

    417KB

  • Sample

    240826-dtynrssarc

  • MD5

    c22d6935430f2a674dc4717045066c65

  • SHA1

    9d92a1bee12dce2a35c0c4f4d4a123e0efc43134

  • SHA256

    598c276b0a48d81e137af9ba230dd2df73fd1d4c9baf483edef735c19c7ef479

  • SHA512

    f7cd8b815824393e4c3a6b0614d64f6a1a2349ac1bc3b57aa1cadb1718b63d76662f3cae2e8d3f5f67f6632aa353e03eca315a9c090f2dd2c3dfd835e2a81cde

  • SSDEEP

    12288:a+9pn/82zaW9kp2tOXYwYFmD0/fMGuRqEtlaFw+9uTE:a+H/82AAglImiuRqEmwAuT

Malware Config

Targets

    • Target

      c22d6935430f2a674dc4717045066c65_JaffaCakes118

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15

Tasks