General

  • Target

    ab82eeb4d0bfc29e266388cc4c2d372b.zip

  • Size

    291KB

  • Sample

    240901-d62wys1cjc

  • MD5

    c659195f99f98784cfdb23c7b2b91289

  • SHA1

    87faa2f424f4cdc90d04e9f63e8ec964996d8b58

  • SHA256

    1a09288983e86e28e6542caf27f0aa856ee2375c24e579f835b390ed9ecfc761

  • SHA512

    ce44106139a8ad78018ba552501b2ded02c1f00139e931d1617373a503e407d0b49a3a45b067a0a8d37b5de012407c802815d887499063274e45e1bede16e5ea

  • SSDEEP

    6144:Xx2AGUuZtelxw/dnWnXSR8gZtB/MQYIwa5sKHVCs/ly7IJ:XFGUitd1WnieOMQ/fPYq

Targets

    • Target

      4fced8f23e19e90f89d110b6dc75f76edac9624fc3aa99f793a249a4e76a8ed4

    • Size

      411KB

    • MD5

      ab82eeb4d0bfc29e266388cc4c2d372b

    • SHA1

      836976baba2cba88f4a4c1238b22a466dbebea4a

    • SHA256

      4fced8f23e19e90f89d110b6dc75f76edac9624fc3aa99f793a249a4e76a8ed4

    • SHA512

      987b8634a5ac0fc6234ee10b5b437bff3450e6f473afcfa2c17c41df6d2241765e8813076a699aaa22bd58a00493b4d7b9008b5a96b1c12fe82120c1983605d1

    • SSDEEP

      12288:JetLagza/unbxptENWXkVTTM5ct0bDMT:JettMMbxpSNMk12c20T

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
