General

  • Target

    d48829e0304a6d62d8dcd1be9c06d8f6.zip

  • Size

    295KB

  • Sample

    240831-hfwdpszhqn

  • MD5

    e7563fa785d98a7b4438773a076b2f2b

  • SHA1

    9fbea679354f7230a38bba1c3be20a10247b7728

  • SHA256

    cd49a47d1d8acc21daef377ce4e3b387618cbfe49cd9a7100954f559c326225a

  • SHA512

    d94c3ecc310eb882244455042eac1c51c1b13f0927a2cab9b6b2e9650835f15fc02eb86524995620dd8c8e8c270565e751aa24a14c2eb0734e46abeee8c7998d

  • SSDEEP

    6144:btDCAdKxF8o+aAZYqb7LKz0y3Is6BoJXV9DF9yA8st6AB4Sp:ZDCAdag3LI0y3IsxJl9x9yA8AB4Sp

Malware Config

Targets

    • Target

      371455235fb78b0f5bf933a52fc68155edd3df7d356ae1da4d74f72384b25c6f

    • Size

      417KB

    • MD5

      d48829e0304a6d62d8dcd1be9c06d8f6

    • SHA1

      c23f432b94796a9a266849e747e46a2f84b60b7d

    • SHA256

      371455235fb78b0f5bf933a52fc68155edd3df7d356ae1da4d74f72384b25c6f

    • SHA512

      20a66d25438509c8dd9bc1b769530bbb0f88b3460e08c99e1b9f8a362c55c5f6a1cdd63abff698954282205d33679906a7303d8c7bedb230bd05399cf4ad3e88

    • SSDEEP

      6144:hSpwTEOzPSK5U2SoJ8VWackMV1ZmXRWLgKocUq8nOfaIROo71YvK09lw+45B:Q+IK5U2Soys3mwLQcUqgsPBYv745B

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

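The hash block above is what an analyst actually uses from a report like this: the four digests of the inner target, plus the observation that the submitted archive is named after that file's MD5 and the inner target after its SHA256. The following Python is an added example (not part of the report or of the sandbox's own tooling) that recomputes those digests for a local file, checks them against the values listed on this page, and checks whether a filename follows that naming convention. The hash values in REPORT_INDICATORS are copied from the Targets section above; the "abc" input in the demo is constructed. SSDEEP is deliberately left out because it needs a third-party library.

```python
import hashlib
from typing import Optional

# Digests listed on this page for the inner target
# (371455235fb78b0f5bf933a52fc68155edd3df7d356ae1da4d74f72384b25c6f).
REPORT_INDICATORS = {
    "md5": "d48829e0304a6d62d8dcd1be9c06d8f6",
    "sha1": "c23f432b94796a9a266849e747e46a2f84b60b7d",
    "sha256": "371455235fb78b0f5bf933a52fc68155edd3df7d356ae1da4d74f72384b25c6f",
    "sha512": (
        "20a66d25438509c8dd9bc1b769530bbb0f88b3460e08c99e1b9f8a362c55c5f6"
        "a1cdd63abff698954282205d33679906a7303d8c7bedb230bd05399cf4ad3e88"
    ),
}

DIGESTS = ("md5", "sha1", "sha256", "sha512")


def fingerprint(data: bytes) -> dict:
    """Compute the same four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in DIGESTS}


def fingerprint_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as fingerprint() but streams the file so large samples don't need
    to be held in memory."""
    hashers = {name: hashlib.new(name) for name in DIGESTS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_indicator(fp: dict, indicators: dict) -> bool:
    """True only if every digest the report lists agrees with the computed one.
    One mismatch is enough to say "different file"; do not accept a match on
    MD5 alone, since MD5 collisions are cheap to construct."""
    return all(fp.get(name) == value.lower() for name, value in indicators.items())


def name_is_consistent(filename: str, fp: dict) -> Optional[str]:
    """The report names the submitted archive after the inner file's MD5 and
    the inner target after its SHA256. Return which digest the filename stem
    equals, or None if it matches none of them."""
    stem = filename.rsplit("/", 1)[-1].split(".", 1)[0].lower()
    for name in ("sha256", "sha1", "md5"):
        if stem == fp[name]:
            return name
    return None


if __name__ == "__main__":
    # Constructed input; a real run would call fingerprint_file() on the
    # extracted sample and compare against REPORT_INDICATORS.
    fp = fingerprint(b"abc")
    for name in DIGESTS:
        print(f"{name:6} {fp[name]}")
    print("matches report:", matches_indicator(fp, REPORT_INDICATORS))
```

Run it against the extracted sample with fingerprint_file(path) and feed the result to matches_indicator(); a True result means the file on disk is byte-for-byte the one this report analysed, while a mismatch on any digest means you are looking at a different artefact and should not carry this report's verdict over to it.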
MITRE ATT&CK Enterprise v15

Tasks