General

  • Target

    8b6c68e136bc1e084adc817668558bf2.zip

  • Size

    293KB

  • Sample

    240901-x4cc3azcnm

  • MD5

    a0eaeba5b7b64039866318b0500617e1

  • SHA1

    1535eda8bc04cea7304d9252ef5290d8502042eb

  • SHA256

    acab845ba6a90301163c1c73c2dd81dd68491a7ab047fa8fddf76257bcbb8c77

  • SHA512

    11d9e0217ec2bc6839b72305ae7bd4f19782dc6ca26b90d62c18daaeea82fba6cae803db2bd5635421ad9e96da9f33a559b05c6dfebae5c69a3acb1fb2367db9

  • SSDEEP

    6144:f6e9TcvNTInWz83wFARlnR0mK80m1sNyYErPxmfWJA:kinWzzAnjeEjLJA

Targets

    • Target

      ba075c02a061c96f5604e801215db9118a51a81ab8460c75d73ceac99408786c

    • Size

      415KB

    • MD5

      8b6c68e136bc1e084adc817668558bf2

    • SHA1

      4819547f22c885e42ef398e06766581a954157cf

    • SHA256

      ba075c02a061c96f5604e801215db9118a51a81ab8460c75d73ceac99408786c

    • SHA512

      225b94758488938752228156e894bf9c4184be44efe5029884633ab5258acbe3c8c7a7f16f219f425ee0d1b326757c98b796310b492f4f62dfc95192ad37714d

    • SSDEEP

      12288:mf5auspr1fNtSMT0tSSOw10VLhIYF8RThd:mfBsptSMTKKw0a7d

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
