General

  • Target: 1ddccfcf2a14b8dd1553585152ce568c.zip
  • Size: 314KB
  • Sample: 240831-tfw6sasenb
  • MD5: 476733ae85958661d9f1f7e2333319bc
  • SHA1: c8dea329ff25585b3f5d911bd09cd7147445337e
  • SHA256: 3510abbff8f9dfccd15cead77ff7ae11f9aff9fd1f1786e431d74804c21c7b0a
  • SHA512: 42f8ddde585d164a8ceb9b0cfedbe3ed80be5e9dfe7d29a09dc5247a3d71fa02d31afbd02b162d5c25d4a37175d933bd54e368ae140f5032361616d8d1b0bab1
  • SSDEEP: 6144:w5//FnYLrM6il1ykvpjKRVKkhOX1cqRk9e7RrUtpL9kkApOr1fnl:wXYEV2R7aq39e7V0gQ1fl

Malware Config

Targets

    • Target: 89f5e95f29598074516207e355d6babdc5fbf0dc60f0a826e176e71965d89849
    • Size: 457KB
    • MD5: 1ddccfcf2a14b8dd1553585152ce568c
    • SHA1: 777596cb5b015aa326b26ae53daa1bae54e989c6
    • SHA256: 89f5e95f29598074516207e355d6babdc5fbf0dc60f0a826e176e71965d89849
    • SHA512: 0c8aeb804227d2be2214fe70de0698c672b7d12c3ad95b77256721ce331934491d05ef06fc79f943897c52b491ed59a01877125b2926a588536a9ca5cc82afd9
    • SSDEEP: 12288:0yseBUmKNwJ0CKW2F5rCVdrQGp0Nmk5bwjFf:ZJemKuKWSIVdrQGpAbOj1

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15
