General

  • Target: d88dc6b1c9d9d0ce96c24003b2e22f3b.zip
  • Size: 304KB
  • Sample: 240831-hlrmps1cka
  • MD5: 3e235e5f5f7b53106d2f5d1cbe580069
  • SHA1: 363b6ba09d1ff61e2acd35087d5db43d1b3a3bea
  • SHA256: 81c5897881bf8349d302c4f4b8798d16a0e12f80949b7585fe9f201360415660
  • SHA512: 1b867f0ae02ea9d5c077b8f3edbbffba68dd9c34e1c47e95ac058ea3da4cf3b50ba8a988bfc6513c5a088dcd19b5fe70a147758a15f71de77f4cea2d0ee0068a
  • SSDEEP: 6144:8rRnxQjrKTW+X9A9/BHjOWou1e4L9Dqqybdsjl/RPht/t:8dnxGW+tCC3Aijl/btl

Targets

    • Target: 5e5b6780002d047e519ecc6b58048e9588f9762d67db468c720cd61c605ecb90
    • Size: 437KB
    • MD5: d88dc6b1c9d9d0ce96c24003b2e22f3b
    • SHA1: c9c620dc34f5360a0619b64549400730ddb698be
    • SHA256: 5e5b6780002d047e519ecc6b58048e9588f9762d67db468c720cd61c605ecb90
    • SHA512: b3f4ba6cff1441cf97d09d542dad5068450f9a1fa569b06407e481f1b01e09e3562e01621b5bfb07df2719296c36bb86596e51b76e811de53d978960fd92bdfa
    • SSDEEP: 6144:UbVwm2i+mKaN68U8Wdvym8fXZkp/L07IkX/c6MVO4zXUdn1NwBLDmFBF3UN:pri+m/A4Wx3U0/LzARMVO4sNyDm3F3U

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15
