General

  • Target

    ca29ba90f0ba302e70dcc107cec7cc26.zip

  • Size

    3.5MB

  • Sample

    240831-gx47hazbqk

  • MD5

    8d4af3a98b5158fdbf71f5cce8912fc5

  • SHA1

    3217a070b004bc11d7326ac26bb6e7772034a49b

  • SHA256

    37b51feccf291164de3b2f02b5a99bc4ad86273527bb1d88e19786e66852a9ae

  • SHA512

    fa5c2b2bd2e3c49613edf28b3ceb9b93a7a8d565668ea41b5afd8627c9b1608a877f821e1c58d1f937600e6677ac31afa00efe66236bc13863377695b49d62ea

  • SSDEEP

    98304:ZnMRmZ7VQyGLbOkL3fLkPdW8ciLtPIOUVy8:ZnFZ7VLmFDgPVRtPIOUVz

Malware Config

Targets

    • Target

      4458bf4125bfc990db039e6b488ea69817af9c4627c1af8d7b40d0182bba7da8

    • Size

      7.3MB

    • MD5

      ca29ba90f0ba302e70dcc107cec7cc26

    • SHA1

      f0ba3ffdfaaa741ea197989ca0ab9390fde78f92

    • SHA256

      4458bf4125bfc990db039e6b488ea69817af9c4627c1af8d7b40d0182bba7da8

    • SHA512

      ff177e970837c30e62a9d897b9b5a9d464cc397be2d62b010d7afbba087159d0ef3d7bf50c14812cfd91f847b2f5961019f4e428a59a4fc705bf92c45756b38a

    • SSDEEP

      98304:hxC3ud6MOIvysiwCQKzo5qphIHVruP3WpF3UdE1hZHEdLFCmil+:WGQFMkhgJuP32+dmhZk/g

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload
