General

  • Target: d0880ec1ab1627d23202ee86d33b7356.zip
  • Size: 405KB
  • Sample: 240831-svwm5a1cja
  • MD5: 68b2996d27da8c17d98bdea3db35d3bd
  • SHA1: eec225efd99784df0cffb419b4e92e88fa2c1923
  • SHA256: d0db12599ead366e5c16b0bcc5332aeec67fe85fb2cd5eec9349992b546e0abf
  • SHA512: 873a1056b3953eae14d924e6d341d04838fd4de5cfc54e42d87b0100268c9cd201367e37a555d2fb93c8d4620ecf888ac877d6c0b37cb5df1640fa6e5078ff1c
  • SSDEEP: 12288:G2XcP34rE9DUsGE/zYimS+N84m9PmiIFWd:HMP3cE9DwgzY2+NmRmiP

Malware Config

Targets

    • Target: 3a6316319ad822be021d48242dfece7f9b8668bae7d19db466b7d514eeae41af
    • Size: 625KB
    • MD5: d0880ec1ab1627d23202ee86d33b7356
    • SHA1: a8dae933bdf12ccdd8f1c763d3be932186fe8966
    • SHA256: 3a6316319ad822be021d48242dfece7f9b8668bae7d19db466b7d514eeae41af
    • SHA512: 1d833b5f77b8cbb66224effe69daaa78e2b3fcfd2bde89c6d3bced4dcef83687b1cbeacd22f0055003ed0935a3cc83972f5b16a1fc476a896beae7d620c50549
    • SSDEEP: 12288:bVt+w8wyv/566WoJMOYeRqmyfq5M7I4XbDhyGdPiMbSLJj2xshdFSRO:ht+w5yJDJGeRMhjdudaKh

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks