General

  • Target

    8311f3898e4b454d59489773c4e7592b.zip

  • Size

    314KB

  • Sample

    240831-djyk1ssemn

  • MD5

    735841d1d060152284675014a93b8dbd

  • SHA1

    c31b3aa7ec26ab70e5ada1328929b4371a8ddfc0

  • SHA256

    d0c0f7321b6fec21e09dea2698a9d0ebc72d96d513358f44ce396153353bb41c

  • SHA512

    2f9fc4fe9e1b2f1fb67f7079c7dcfdbfcc598b03422e3cecff5b0503c775816d10e555aea7d4eef8bcf79cece419e4921ba58c28e2555a05ebacf1d7fef6abfc

  • SSDEEP

    6144:1mJabgnvpl6BxVjQunp70VZ2i3p+lXAlGemeTCJ2sh7FAuc8eaOyNaDwkfil8u+E:fOb6bVxnpe2iMX7e4JFh5AU+ywZ/u7B9

Malware Config

Targets

    • Target

      c3125bbbc460d3df6e6125e3acb29e34c0ae2447cf79b2a671b7da9ca710d18a

    • Size

      457KB

    • MD5

      8311f3898e4b454d59489773c4e7592b

    • SHA1

      41debdd32a388f72d3200a3610adfa41db0e1f4d

    • SHA256

      c3125bbbc460d3df6e6125e3acb29e34c0ae2447cf79b2a671b7da9ca710d18a

    • SHA512

      b8f9572ad414cd0b636bf093c2bee284c2e3182c828dbdd7db48e6e009151a80b0d16dfeb31ccc52324101ca52620095a850e3e5f1a127e3b9e42a888f64e54d

    • SSDEEP

      12288:0OFgMNkqcXDvPLAsdFTvbNjjSXN2mEmFioL1rny:xeqcTvj3d5RjjCs02

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15

Tasks