General

  • Target: aeacd6bfb480546d0ee3e14f0bb46f8c.zip

  • Size: 439KB

  • Sample: 240901-yd1teazdqp

  • MD5: 4b8cafa56f1d59b7ec4e204e19c1a77a

  • SHA1: 9c651ddfa9cdac5d2dbc2706fdf2d977045101aa

  • SHA256: e96a4277c876088b4bc06d5313152340683e53b3375b92dc831f2e6f1a2d7e34

  • SHA512: ae50a47ebe40ab1aa3b2c780de6313f42984238491b042332c37acdcb8aa2c0642d8ca013959b2c2613825806719a09eb88011633b11e5f3eb246bb4d8227a80

  • SSDEEP: 12288:4AnNpGGkNoARbjk7lsSfq5ug9NPXehZYGij7m:4QpX4R56sSfq5H9NPX/7y

Malware Config

Targets

    • Target: 3b6c6c2a764d8fef59455935fa43ac30fe7db543d13f6119a62c5b14faa87325

    • Size: 816KB

    • MD5: aeacd6bfb480546d0ee3e14f0bb46f8c

    • SHA1: 05574783017260e4d3dc0ca831161b5cabf51c30

    • SHA256: 3b6c6c2a764d8fef59455935fa43ac30fe7db543d13f6119a62c5b14faa87325

    • SHA512: 6aa7e58beb9923690918de0c3634bc6ec170dff647fe5a381604b3e28c6f74ff5e12424175acecee21bf419f66060fd562d48a47ba72703c39e2b4aa0906e6f9

    • SSDEEP: 24576:BJW2KjJ4Td3kJnbsPhnzqpKZdhRcloe4Mmz5:BInJ4Td3mbsPhnepYhRclkd

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

    • Disables taskbar notifications via registry modification

    • Executes dropped EXE

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks