General

  • Target

    f0999ed2b9d0be10c6303188f265159d0569e3490f3ee619c76a59650c9bb329

  • Size

    294KB

  • Sample

    240831-drl7yssgrp

  • MD5

    7831a45f99b4718f095e922234542bcb

  • SHA1

    63093cbe302193d597daff74328f580720580c9e

  • SHA256

    f0999ed2b9d0be10c6303188f265159d0569e3490f3ee619c76a59650c9bb329

  • SHA512

    bd1fcf59a03299aeb4fa6e783316240f5866dc2f56e9753bb66ab334d6705ad1dc95619c2049c668a700b12dabe12be4036b7595e221ffa8da6d30e3aaca42ab

  • SSDEEP

    6144:qwqrVsml/gt+jNkZBSHwNhFeDSOlNxSKkHdRRPlZhgD7HuMMaE:qwqZs4aZBkQhED5Sv9Z8un

Targets

    • Target

      e6e731aa7a555d24e130df62cd29c9227b77fc66dccea92ea468bcc5eccf2e4e

    • Size

      415KB

    • MD5

      7a005fd53e4a3f5ff0192ea4b7090699

    • SHA1

      1618d0f7d46a6c07b79f13005ea39cc9a115fd62

    • SHA256

      e6e731aa7a555d24e130df62cd29c9227b77fc66dccea92ea468bcc5eccf2e4e

    • SHA512

      e208f69ba569e34bb78ab5f0c3346a1b54d45d8eafbc6995dc88a2010dcdc96088919d80aa392dfd0d6ae3d89ff12f3a4a992d0569e71f61893c5298c242b7d4

    • SSDEEP

      6144:LrByKsic7aHx9Iqt7RudL/W5stmpMDNKNcsCYPQtNq0X8WGtbJCx8d:LrByKsibRiIRCzE8rKdCY4/L58

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
