General

  • Target: 7f933f4e7451e1aa0c8b9c38c43a81c9.zip
  • Size: 293KB
  • Sample: 240831-dd5r5sscnl
  • MD5: 872ff47bcc75977bfc78161f01b675f5
  • SHA1: 10260c07301ee32cbf51ae41241ab46dd967ffe1
  • SHA256: 282d2a424083b7d21a870abf739d37eb99ecd04da017c199f62e1cbf5dbe0778
  • SHA512: cbae9b8b7143aea6d7f611e0aa92fc653a37c701c352b7ae376dc0ead3957c9ff723321f4d2d6d583336d7645aab9b37c0056eb52119d146b5d8d039812c0b1b
  • SSDEEP: 6144:nKsD22hOwwvT65UdzA52lZ+Q54hl7B53TPVjkeguTlECWXyxqoVjomls:nKTMOg5UJAATmThhguTlRwObVzls


Targets

    • Target: c95b33c8f04267b719df3d1206dc2e7ec00f35cf5d26ff1b71a62fca8033cc2c
    • Size: 415KB
    • MD5: 7f933f4e7451e1aa0c8b9c38c43a81c9
    • SHA1: 888b20e270a4c42f0ac8eb991e2f0e69ed388d41
    • SHA256: c95b33c8f04267b719df3d1206dc2e7ec00f35cf5d26ff1b71a62fca8033cc2c
    • SHA512: f967c462af3f60a43c9ff05c227e8968012fbb377ee35da5d983fe280afef6c9fabf3a32a74b915f63ef49ece9c6459c523fb871232b23c3d015c40728a9e5c4
    • SSDEEP: 6144:HaeeLHupH8wcoTA2nDJGvRld7M5zhRcl+Vj6gvH0mXK7Y9xKiTgXqqbgG/1EPB:reLkYCgldAhRcloe4y7YCmzr8E

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15
