General

  • Target: 0370ab8f7dd7979c7c731f39cad5410a.zip
  • Size: 314KB
  • Sample: 240831-khdyjsvcnq
  • MD5: ba07a0fb9f9e1c2f7393c217a4f4521e
  • SHA1: 540dcf69912dd33aa4fabab9c8deb172f2980c0a
  • SHA256: c0485e162e2e052fae8ec97b2e9bd2de3bc9bdeb08eb53c3754d98a9079b617c
  • SHA512: 0ed65938df7d55b14a283e8ae1d8a6158ab8661ed7cd9117adc1b418d26c369e845ca2787cf02ed0223d53b7d096ead3e926924d5bcdfd01f3784a550c3cc6c5
  • SSDEEP: 6144:shrz9fWAMKouII0muxZLVkS8WdJZSwHoiRurMZA571J:Ez9fxMYYSyzZSxLh57n

Malware Config

Targets

    • Target: 74d6dad0f286be246f9a44dde0d6c1f5ce05b6b7e797cf9c108e78b0922fae1a
    • Size: 457KB
    • MD5: 0370ab8f7dd7979c7c731f39cad5410a
    • SHA1: 8c5ba56e4a2759523bbcd205dfc6e52858c33450
    • SHA256: 74d6dad0f286be246f9a44dde0d6c1f5ce05b6b7e797cf9c108e78b0922fae1a
    • SHA512: 2afdc6b0741f3577451acce288e5e9854ff2c9b3e0da1c749ce36355ca1f5e0f238674e5493f047e5f26a102a12939461e608d2a7ad169c4ae59b2e19bb2c0ce
    • SSDEEP: 12288:iFANWB8gvAGaDaZqv/mB+6X3NTHagXtM:oAY8gIG4aZqv+BPX3NWg9M
    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15

Tasks