General

  • Target

    e1a7b4cbe8e8aabce05747a34ce3a875.zip

  • Size

    3.5MB

  • Sample

    240901-tldlmavhjp

  • MD5

    90f56daf24885baee585b5f7ea36a229

  • SHA1

    55835b6b3dece8857b6481a57da646e9ce23fa9f

  • SHA256

    c2c268a37d16d52f7b0fcdcbc49a86de1283b22b8c858a0f81497d70b4e1cf0d

  • SHA512

    e20321057e40f64a151b9a7952a0edc87fc4b888ecfed414c6cbe79bde67f7fce2a380e81b0a5012a1f344d264ab5c4c6d08bd5c51723dec1e60db256f44b21f

  • SSDEEP

    98304:w7Ryg895ePro5JAtH8naTxxifgiFJQ/ZwsGhvmr:IRyL959JYcExEfgwJQhVGhvmr

Malware Config

Targets

    • Target

      4317afbf25f7145ec2e84eee745d09c9f6e8a0973a460892fc4fa76595bfa319

    • Size

      7.3MB

    • MD5

      e1a7b4cbe8e8aabce05747a34ce3a875

    • SHA1

      f31a6ca925f4a040bc29982ffb1cf6f0bc8b0843

    • SHA256

      4317afbf25f7145ec2e84eee745d09c9f6e8a0973a460892fc4fa76595bfa319

    • SHA512

      5db4ecec060dd771b77825106a554a7e91abc4da3431cff39fb4096ddad2309a230d28bf26777cb20d990678f7c21784aa00135057130517998488d9c79e520d

    • SSDEEP

      98304:dxC3ud6MOIvysi7CQKzo5qphIHVruP3WpF3UdE1hZHEdLF00n:SGQgMkhgJuP32+dmhZk/08

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
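Before touching the archive, confirm that the file you downloaded is the one this report describes. The script below is an added example, not part of the report and not code from any Expiro/m0yv sample: it recomputes the MD5, SHA1, SHA256 and SHA512 digests of the outer zip and of each archive member (read in memory, never extracted to disk) and compares them with the values listed above. The `REPORTED_*` tables are copied from this page; note that the report names the outer zip after the member's MD5 and the member after its SHA256. SSDEEP is left out because it needs a third-party library. The function names and the one-member demo archive with content `abc` are constructed for the illustration.

```python
"""Verify a downloaded sample against the digests in the sandbox report (added example)."""
import hashlib
import io
import sys
import zipfile

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report above: the outer zip and its single member.
# The zip is named after the member's MD5, the member after its own SHA256.
REPORTED_OUTER = {
    "md5": "90f56daf24885baee585b5f7ea36a229",
    "sha1": "55835b6b3dece8857b6481a57da646e9ce23fa9f",
    "sha256": "c2c268a37d16d52f7b0fcdcbc49a86de1283b22b8c858a0f81497d70b4e1cf0d",
    "sha512": "e20321057e40f64a151b9a7952a0edc87fc4b888ecfed414c6cbe79bde67f7fce2a380e81b0a5012a1f344d264ab5c4c6d08bd5c51723dec1e60db256f44b21f",
}
REPORTED_MEMBERS = {
    "4317afbf25f7145ec2e84eee745d09c9f6e8a0973a460892fc4fa76595bfa319": {
        "md5": "e1a7b4cbe8e8aabce05747a34ce3a875",
        "sha1": "f31a6ca925f4a040bc29982ffb1cf6f0bc8b0843",
        "sha256": "4317afbf25f7145ec2e84eee745d09c9f6e8a0973a460892fc4fa76595bfa319",
        "sha512": "5db4ecec060dd771b77825106a554a7e91abc4da3431cff39fb4096ddad2309a230d28bf26777cb20d990678f7c21784aa00135057130517998488d9c79e520d",
    },
}


def digests(data: bytes) -> dict:
    """Return the four hex digests the report lists for one file."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def check_against_report(data: bytes, reported: dict) -> list:
    """Names of the algorithms whose digest differs from the report; [] means it is the analysed file.

    Comparison is case-insensitive; algorithms the report does not list are skipped."""
    actual = digests(data)
    return [name for name, value in reported.items()
            if name in actual and actual[name] != value.lower()]


def check_archive(zip_bytes: bytes, reported_members: dict, pwd: bytes = None) -> dict:
    """Check every member named in reported_members (member name -> digests) without extracting.

    Returns member name -> list of mismatching algorithms, or ["missing"] if the member is absent.
    pwd is the archive password (bytes) for ZipCrypto-protected sample bundles."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        present = set(zf.namelist())
        for name, expected in reported_members.items():
            if name not in present:
                results[name] = ["missing"]
                continue
            results[name] = check_against_report(zf.read(name, pwd=pwd), expected)
    return results


def build_sample_zip(member_name: str, content: bytes) -> bytes:
    """Constructed demo archive (not the real sample): one stored member, fixed timestamp."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo(member_name, date_time=(2024, 9, 1, 0, 0, 0))
        zf.writestr(info, content)
    return buf.getvalue()


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: path to the downloaded zip and, optionally, the archive password.
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
        password = sys.argv[2].encode() if len(sys.argv) > 2 else None
        print("outer zip mismatches:", check_against_report(blob, REPORTED_OUTER))
        print("member mismatches:", check_archive(blob, REPORTED_MEMBERS, password))
    else:
        # Offline demo on a constructed archive whose member content is b"abc".
        demo = build_sample_zip("demo.bin", b"abc")
        print(check_archive(demo, {"demo.bin": {"md5": "900150983cd24fb0d6963f7d28e17f72"}}))
```

Run it as `python verify_sample.py e1a7b4cbe8e8aabce05747a34ce3a875.zip [password]`; an empty list for both the outer zip and the member means the bytes on disk are exactly what the sandbox analysed, and any non-empty list (or `["missing"]`) means you are looking at a different file or a re-packed bundle and should not attribute the report's behaviour to it.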

MITRE ATT&CK Enterprise v15

Tasks