General

  • Target

    0bbb47cfcf2fd2a290c10158d71a4335.zip

  • Size

    3.5MB

  • Sample

    240831-km899aveqn

  • MD5

    5f4fcde29a6b91d97cb802184d4399d2

  • SHA1

    0234dcd923117cf780727fdfa760ce5d31b11b52

  • SHA256

    62541f22e2c9de7ed46b352438c4a0416fd1e68b0ff32724b9ff0664d428af35

  • SHA512

    55adbd28bd8b4d28ae639a996f8c5c99e082b1e1b5b15ae3ef4333b41b15790794fc8753231a22aae2bcc973e25b1a2780b246bac4f4be73d7d78a9f569f27ff

  • SSDEEP

    98304:K7/2556cYXFcQTmUO/7SULODlN+M/kUbWksl0DMVTSe:KiuJmkmNt+eGHikC0DMVTSe

Malware Config

Targets

    • Target

      5416a414a27a40f75e64cc68fb456e7655732fe173f43685e93b9ecad1bbc7f7

    • Size

      7.3MB

    • MD5

      0bbb47cfcf2fd2a290c10158d71a4335

    • SHA1

      2bc902e3227581ae29780fd1b039a8125e51ab8f

    • SHA256

      5416a414a27a40f75e64cc68fb456e7655732fe173f43685e93b9ecad1bbc7f7

    • SHA512

      479e5e78402084e26e73fd680713c0fc4ec639374e41264238f8bceef14bc39e858c3115839501f965e1d7a0df7099fd2616189b71f87e4b764c680954d09ecc

    • SSDEEP

      98304:qxC3ud6MOIvysiwCQKzo5qphIHVruP3WpF3UdE1hZHEdLFhmil+:9GQFMkhgJuP32+dmhZk/T

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15

Tasks