General

  • Target

    a6b8db8215b183a84d56e2c0e76147fa.zip

  • Size

    3.5MB

  • Sample

    240901-yd3b8s1anh

  • MD5

    2915afe95362cf163023a81ba74984bb

  • SHA1

    1cbb7f23906a295dbd2b3b404d1f7bd7ce03e566

  • SHA256

    1e2e8a70198577d4c6e69b5f6204272091dcb370baa649cd63d44474c273ddbd

  • SHA512

    da9a881efb21c170e0d427ff7d3819a1141b531efddfc5de98bf23b020e482d65f95762205a0cfffb8d03dbbea1ab4cd91facf224bcb913e9ae66fbe343dc6c9

  • SSDEEP

    98304:noHONAAETnxRmOno+yhUxxEV3lp4cYtm/Cp:eONA9xRTo+yhUv4kcYyCp

Targets

    • Target

      a225275b37dc396bd2619a87ff2b16ebb2d82ca201d8fa2f446696fcf453403e

    • Size

      7.3MB

    • MD5

      a6b8db8215b183a84d56e2c0e76147fa

    • SHA1

      e6dcc80893afdc173ebaba8061543d0986e7ad80

    • SHA256

      a225275b37dc396bd2619a87ff2b16ebb2d82ca201d8fa2f446696fcf453403e

    • SHA512

      e4ff9c34769468a08088cfabb1941928727f17d8de6f7f96b9d20b7b5d90a32fe8d4308b8b3cb5f2d8cde7d4c2942ce1dd32527a9ec6008f33906e587f9d9bba

    • SSDEEP

      98304:3xC3ud6MOIvysi7CQKzo5qphIHVruP3WpF3UdE1hZHEdLF00X:8GQgMkhgJuP32+dmhZk/0k

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
