General

  • Target

    90a1400d3988b03b8af04ad8fe8cf8bf0751b27d018cc4f73a4e5aa2f6b9bebc

  • Size

    295KB

  • Sample

    240831-bb35eswhkj

  • MD5

    7b3a20b17fb8f8a43a8363effcad110e

  • SHA1

    b91beac5d75b6c4062bc24523e4f043e342d616a

  • SHA256

    90a1400d3988b03b8af04ad8fe8cf8bf0751b27d018cc4f73a4e5aa2f6b9bebc

  • SHA512

    52cacbd182f703843e4d2e0aeb9df8f9bbd7d51f98156b08354be28346225b0ea6aa986cec7dde0d342432fd908d7291cb4e9d495699f83e87e4c8c9ae5e81d2

  • SSDEEP

    6144:qi7Bmi4oieGrfs6LJa8tZNj9h8VG/8fOY7LNyW1HuoQ68sLVQ7/IZIF:jvu/rUSrP4m8fOY7BlHu2MGC

Malware Config

Targets

    • Target

      b64e2ed624b7d878d680265e2cb5bb0f824dea5e7decc7677b8ed5c06e6e8d95

    • Size

      415KB

    • MD5

      42c2ecba382ca7b7f5ae6fe76f2c8569

    • SHA1

      da4f435ad23ca386604809dc9467330a39e2af23

    • SHA256

      b64e2ed624b7d878d680265e2cb5bb0f824dea5e7decc7677b8ed5c06e6e8d95

    • SHA512

      ce18c1d90f6121096286b8c2605a22e2bb70c21cafbad967122bcb100d699d6a47b902e1927a45fbb96c8143af29c74e42313c4edecaeaf8bd435233d19f6aa5

    • SSDEEP

      12288:WrKyKsimU291v+w04As8mzJB93sBNCG9n:WrKyKsiB0B+w04/Ujn

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload
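To check a local file against the indicators above, here is an added example (not part of the sandbox report) that reads the file once, computes all four digests in a single pass and compares them with the report's two entries. The indicator table is transcribed from the report; the sample inputs in the checks are constructed. A full match identifies exactly this file. A partial match (some algorithms agree, others do not) means the indicator list was transcribed wrongly or a weak hash collided, and should be treated as suspicious rather than as a hit. SSDEEP is not computed, because the standard library has no fuzzy hash.

```python
"""Verify a file against the hash indicators from this report.

Added example, not the sandbox's own tooling. The indicator table below is
transcribed from the report's General and Targets sections.
"""
import hashlib
import io
import sys
from typing import Dict, Optional, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Constructed lookup table: values copied from the report, keyed by a label.
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    "sample 240831-bb35eswhkj (295KB)": {
        "md5": "7b3a20b17fb8f8a43a8363effcad110e",
        "sha1": "b91beac5d75b6c4062bc24523e4f043e342d616a",
        "sha256": "90a1400d3988b03b8af04ad8fe8cf8bf0751b27d018cc4f73a4e5aa2f6b9bebc",
        "sha512": "52cacbd182f703843e4d2e0aeb9df8f9bbd7d51f98156b08354be28346225b0ea6aa986cec7dde0d342432fd908d7291cb4e9d495699f83e87e4c8c9ae5e81d2",
    },
    "Expiro payload (415KB)": {
        "md5": "42c2ecba382ca7b7f5ae6fe76f2c8569",
        "sha1": "da4f435ad23ca386604809dc9467330a39e2af23",
        "sha256": "b64e2ed624b7d878d680265e2cb5bb0f824dea5e7decc7677b8ed5c06e6e8d95",
        "sha512": "ce18c1d90f6121096286b8c2605a22e2bb70c21cafbad967122bcb100d699d6a47b902e1927a45fbb96c8143af29c74e42313c4edecaeaf8bd435233d19f6aa5",
    },
}


def digest_stream(stream, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Read the stream once and feed every chunk to all four hashers."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return digest_stream(io.BytesIO(data))


def classify(digests: Dict[str, str],
             iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> Tuple[str, Optional[str]]:
    """Compare computed digests with every indicator entry.

    Returns (verdict, entry_label):
      "match"     every algorithm listed for the entry agrees
      "partial"   some agree, some differ: bad transcription or a weak-hash
                  collision, so do not treat it as a confirmed hit
      "no_match"  nothing agrees with any entry
    A full match anywhere wins over a partial match elsewhere.
    """
    partial: Optional[str] = None
    for label, expected in iocs.items():
        hits = [digests[alg].lower() == value.lower() for alg, value in expected.items()]
        if hits and all(hits):
            return "match", label
        if any(hits) and partial is None:
            partial = label
    return ("partial", partial) if partial else ("no_match", None)


def main(argv) -> int:
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>", file=sys.stderr)
        return 2
    with open(argv[1], "rb") as fh:
        digests = digest_stream(fh)
    verdict, label = classify(digests)
    for alg in ALGORITHMS:
        print(f"{alg:7} {digests[alg]}")
    print(f"verdict: {verdict}" + (f" ({label})" if label else ""))
    return 0 if verdict == "match" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_hashes.py suspect.bin`; the exit status is 0 only on a full match, so it can gate a triage pipeline. Exact hashes identify only these two files: other files of the same family will not match, which is what the family signature ("Expiro payload") and the SSDEEP values are for.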

MITRE ATT&CK Enterprise v15

Tasks