General

  • Target

    5d3aa96ac3f903590db367dd7cfb0edf.zip

  • Size

    314KB

  • Sample

    240901-x4cc3azhka

  • MD5

    85ad7522b0957976641248b17b89a905

  • SHA1

    b4880d3c77d36596729a00a41d560c27df0059e6

  • SHA256

    f6a159053b9bdeecf46252ee42de9fa23d505cc02a779efc8ed17352e7463692

  • SHA512

    fe5a07085c3237842c40b61e0663c06a953ac21f3d0bcb0bd204562201df5c559321207c8d15e3031c7b89548f66ce2669fd849a16b48c752014f028d5f045b9

  • SSDEEP

    6144:GJKVrg8HqoxEefRPJlg/YQg7NwdDmM5/7ILghhnQuWWhKUU7UqUjfzlcVXJG:G8g8KCEe9JSgt69DhZwWhKZU1flmXw

Targets

    • Target

      540421cd7a5ee36ae48495465a8e4b3a59f6b99b2bdf79a62affd4b09755bdfe

    • Size

      457KB

    • MD5

      5d3aa96ac3f903590db367dd7cfb0edf

    • SHA1

      ad2566e08e35eb033ff894b09f78f2bdcbdc0389

    • SHA256

      540421cd7a5ee36ae48495465a8e4b3a59f6b99b2bdf79a62affd4b09755bdfe

    • SHA512

      1a5062f160962df30bc1275e7c14d6cc3a83612f2fc4932d26dd98c82fec2804cd08691e5cbc1601db87275703bc8f4d90f0a010c3f6f1e5407eaa7141d385eb

    • SSDEEP

      6144:YZuEOK99kXiT5Smyg1gQEuAD/3wxH0aVnFUVP5MHhj67Yx2D2iNIdLSarxUGQYNF:YAEmDrCm2HeSiqLSarxtyZl

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
