General

  • Target

    9446474e1891350820484387790739f4.zip

  • Size

    2.3MB

  • Sample

    240903-nfkvvswfmd

  • MD5

    a9f13c8b6240ed148ae64f1c0fc260c0

  • SHA1

    f8f814a1bb1d7cb98b1f1856a92b990f10a2e63a

  • SHA256

    ce7fc4e3bd7e78de8ec3f7ee1e8b1883e951b2288e489b7630fff1e45ced69e8

  • SHA512

    08295cc6f2063370484aa3b2d0196e2973926655ab37a711570f438cbddad4f3d546d57b2069737f95877825a5a22fb0ff38600647de49083c2bfbf158ad7614

  • SSDEEP

    49152:Sp1WmJ8FK5ZJ0ltUQ8GJowsrrRfgKFqNgf8nt+sHrU36n:uLJSuK2yKRfxg+U8r6n

Targets

    • Target

      b61d0ea030d98bcf26d5e6ad21d02234ea6cdfc4a3303c9456edbf9aa9f49627

    • Size

      5.7MB

    • MD5

      9446474e1891350820484387790739f4

    • SHA1

      35d1300f88e3c0c32eda5ce181bcda27b7cc80e1

    • SHA256

      b61d0ea030d98bcf26d5e6ad21d02234ea6cdfc4a3303c9456edbf9aa9f49627

    • SHA512

      0618de0f0ae0997567eb17acdbae9327b04170a40415197aadf5743187bf51a6ec5d7400a77678abdc1329dba8ff53aa55170a4e669e304d4f26df25183564bb

    • SSDEEP

      98304:HBv78HEFfNHX5rpiD0XTa3aLkBo6DjD7d/TLCQlQGpq6B:UEFfHp7X2NDjD7d3CQagqw

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
