General

  • Target

    d251730e23a403160d0fa09469f71479_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240907-tjd5dasanl

  • MD5

    d251730e23a403160d0fa09469f71479

  • SHA1

    a6f9458dd6ed866cb496b5fa1e0995c7a1fa5871

  • SHA256

    509104b6ee0a520836011cfd451b8f56ca95b2c3cc351f184ff1a24981e67a68

  • SHA512

    f906fc4e3c53310b7ebdf9d3b0313e7d4eda7faa615c2f43822e90a22c8f65e8ba1051db22291122f5b2dc8934ddb7a3d47105fd5c7db9c93b6be29c4062b0aa

  • SSDEEP

    49152:4GILDcO/fsBmLjRw6qpZmBZWyLaXMXWasQHoT1I:4GUQO/fsiR6vmBNLfmdX

Targets

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Executes dropped EXE

    • Loads dropped DLL

    • System Binary Proxy Execution: Rundll32

      Abuse Rundll32 to proxy execution of malicious code.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15