General

  • Target: 6dbaa3024b9d157f41620afae069d709.zip
  • Size: 295KB
  • Sample: 240903-2j2vfazgnd
  • MD5: da38c9b16597896283d08d415c8bccb2
  • SHA1: fac015d95f1e82d18fb0a5cf56987d795c4e0140
  • SHA256: f067d065adcce157da35cfb58b3342f55893c145007cce495765a816a71cbacd
  • SHA512: 3e74150c26d45ad490d9447c0fd471c5b6742ad08b052858b9ed6ba866af954d2802fce58a285b3f087ffc870115b524f317659b7ae20e36db8b19f7f736627d
  • SSDEEP: 6144:tSnW1jaxZ7Gzm+TVfL0XPKAy5+yTpNufWEICDPSgNXxhw/iDPgED88P4pi:tSnW989cVz0XP/IJNu7ICKgKIgEQ8P40

Malware Config

Targets

    • Target: a30d56e5191331af35183391ecf6ea1bd45dccea1fbeb0a7e6f6933bf7f209fd
    • Size: 417KB
    • MD5: 6dbaa3024b9d157f41620afae069d709
    • SHA1: 511581e901d79cb5aa3352d1e2b21e219016d558
    • SHA256: a30d56e5191331af35183391ecf6ea1bd45dccea1fbeb0a7e6f6933bf7f209fd
    • SHA512: f6b16ae8e36e5e395f454fd0b5bee8ce1fabcd8dfee73b63a971946d2f46f63259d1b19e6fe18f188ea05e6b68c4d415e78ba970bc5f869ff03daf858f1a9c96
    • SSDEEP: 6144:QSpwTxz8fEYga22UHHXyDArvBIM6zOe3ONgEox946lzmEZYS5+oj9COdbeOut8MQ:3+lAfEYAtHCDArvxeOhjo46hjYJQ0mN
    • Family: Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15

Tasks