General

  • Target

    d902c7cbd76914a1c0f6b979811c26f2_JaffaCakes118

  • Size

    476KB

  • Sample

    240910-ze679awane

  • MD5

    d902c7cbd76914a1c0f6b979811c26f2

  • SHA1

    a2b9d78cf59d26d910004497f38582107779d9b6

  • SHA256

    fa9566a063f1aa27d9d509c00c7087b018310ca958d96bb34f750e659a1ab54c

  • SHA512

    4ade899e339c75f502f8a828ada671631b897fcc4b8bdf7034465d8dc0348eff524bbbca0cf954f3dc0abc8394b9e0df758cf1282bf611529eb98411cbf42d50

  • SSDEEP

    12288:EYmIjE7eNdKcWEbv2Ubr4TgyUbZm6qCs8e/G:U7eNAYbv2Ub8T5geL

Targets

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15

Tasks