General

  • Target

    5d9afa34d58d686ea27ab01f4f681d56.zip (the zip's file name is the MD5 of the payload it contains; see Targets below)

  • Size

    323KB

  • Sample

    240831-btl9maxfle

  • MD5

    1d8bbbea9302352db70d48fba63fb8d2

  • SHA1

    1a7a396643e061ab794535085b3f2a476c91be23

  • SHA256

    584cfa980d017c79576ec0bdf57dcb346b64d0e10dc878d5c6e6002f1582f21a

  • SHA512

    d400bff34e7965088fe656dbadfc6f3b9424d062f9a1f411dc2a0e4466cb936f39b0a8a72491db4e296955e46fff08b7d06c9e6541ea993fdc2f7ec5b94c7b38

  • SSDEEP

    6144:J6H+mecFDA3PVeuUZ5upFuuQoSbgeSIiyK7ioAeIv8n+iJGXxh3RglT:+OeYUZ5upYuQ/0eSDRIU+ishhhC

Malware Config

Targets

    • Target

      b173b03e0988654a331c46e31e2438115d34fc57a7550a66aee784d1e74300d3

    • Size

      476KB

    • MD5

      5d9afa34d58d686ea27ab01f4f681d56

    • SHA1

      4301075acafdd765528e91950c6a89b96889d97c

    • SHA256

      b173b03e0988654a331c46e31e2438115d34fc57a7550a66aee784d1e74300d3

    • SHA512

      7912d1190a6d440d906c7cd908ff03d95187b894f469fc1cda0dcf985e61b74e376cd41e39fdac582e438f1c10e4be63c53e1943986943081b97cc99c72a2934

    • SSDEEP

      12288:yYmIjE7eNdKcWEb92Ubr4TgyUbZm6qCs8e/G:O7eNAYb92Ub8T5geL

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload
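The report lists four digests for the submitted zip and four for the extracted payload. Before doing any further work on a copy of the sample obtained elsewhere, a practitioner recomputes those digests and checks them against the report; a file for which only some of them agree has been altered or mis-catalogued and should not be treated as the artefact analysed here. The script below is an added example, not part of the sandbox report: it embeds the digests from the page, checks a file or byte string against them, and also verifies the report's own internal consistency (the zip's file name equals the payload's MD5). The file path in the usage line and the byte strings in the test are constructed placeholders. SSDEEP is not recomputed because it needs a third-party library; the cryptographic digests are sufficient for an exact-match decision.

```python
"""Added example: verify a locally obtained sample against the digests this report lists.
Not the sandbox's own code; the report only publishes the hash values."""
import hashlib
import sys
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied verbatim from the report: the submitted zip and the payload inside it.
ZIP_TARGET = "5d9afa34d58d686ea27ab01f4f681d56.zip"
PAYLOAD_TARGET = "b173b03e0988654a331c46e31e2438115d34fc57a7550a66aee784d1e74300d3"
REPORT_HASHES = {
    ZIP_TARGET: {
        "md5": "1d8bbbea9302352db70d48fba63fb8d2",
        "sha1": "1a7a396643e061ab794535085b3f2a476c91be23",
        "sha256": "584cfa980d017c79576ec0bdf57dcb346b64d0e10dc878d5c6e6002f1582f21a",
        "sha512": "d400bff34e7965088fe656dbadfc6f3b9424d062f9a1f411dc2a0e4466cb936f39b0a8a72491db4e296955e46fff08b7d06c9e6541ea993fdc2f7ec5b94c7b38",
    },
    PAYLOAD_TARGET: {
        "md5": "5d9afa34d58d686ea27ab01f4f681d56",
        "sha1": "4301075acafdd765528e91950c6a89b96889d97c",
        "sha256": "b173b03e0988654a331c46e31e2438115d34fc57a7550a66aee784d1e74300d3",
        "sha512": "7912d1190a6d440d906c7cd908ff03d95187b894f469fc1cda0dcf985e61b74e376cd41e39fdac582e438f1c10e4be63c53e1943986943081b97cc99c72a2934",
    },
}


def digests(data: bytes) -> dict:
    """Compute every digest the report lists for an in-memory sample."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def compare_digests(actual: dict, expected: dict) -> dict:
    """Per-algorithm agreement between computed digests and the report's values."""
    return {alg: actual[alg].lower() == expected[alg].lower() for alg in ALGORITHMS}


def classify(results: dict) -> str:
    """'match' when all digests agree, 'none' when none do, 'partial' otherwise.
    A partial result is the failure mode to watch for: it means the file was
    modified (or a hash was mis-copied), so it is not the analysed artefact."""
    if all(results.values()):
        return "match"
    if not any(results.values()):
        return "none"
    return "partial"


def verdict(data: bytes, target: str) -> str:
    """Classify in-memory data against one named report target."""
    return classify(compare_digests(digests(data), REPORT_HASHES[target]))


def find_target(data: bytes):
    """Return the report target whose SHA256 the data matches, or None."""
    sha256 = hashlib.sha256(data).hexdigest()
    for name, expected in REPORT_HASHES.items():
        if expected["sha256"] == sha256:
            return name
    return None


def zip_named_after_payload_md5() -> bool:
    """Consistency check on the report itself: the zip's file name stem equals
    the MD5 of the payload it contains."""
    return Path(ZIP_TARGET).stem == REPORT_HASHES[PAYLOAD_TARGET]["md5"]


def verify_file(path: str) -> str:
    """Identify which report target a file on disk is and classify it, reading the
    file in chunks so large samples are not loaded whole."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    actual = {alg: h.hexdigest() for alg, h in hashers.items()}
    for name, expected in REPORT_HASHES.items():
        result = classify(compare_digests(actual, expected))
        if result != "none":
            return f"{name}: {result}"
    return "no report target matched"


if __name__ == "__main__":
    # Usage (placeholder path): python verify_sample.py ./sample.bin
    for arg in sys.argv[1:]:
        print(arg, "->", verify_file(arg))
    print("report internally consistent:", zip_named_after_payload_md5())
```

Run it against the file you downloaded; anything other than an exact "match" line means the copy is not the artefact this report describes and the behavioural findings below cannot be assumed to apply to it.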

MITRE ATT&CK Enterprise v15

Tasks