General

  • Target

    dc80ef8510d3c1f192d29cd2943f8090_JaffaCakes118

  • Size

    457KB

  • Sample

    240912-srqbya1ekk

  • MD5

    dc80ef8510d3c1f192d29cd2943f8090

  • SHA1

    e38b9f18c2af6f265bb4653071c175ea01501fc3

  • SHA256

    bffeaf84e802f6e6380ac229fc411bfc7610009436bcbc90ffdf4c90f81554c5

  • SHA512

    a63194ceae6fd1ebdfc02ba826a74832adfcaa14e1f2ec8bd347055dbddf72431ecba21f0502c79fe9c17d0908659f38227c17816488e43f7e640c54839d1599

  • SSDEEP

    12288:aty+miXJeP9Z6WsQJi4BoTUYToGkzCAfPOe93:wy+miZeFEhWvoTbToGmOK3

Targets

    • Target

      dc80ef8510d3c1f192d29cd2943f8090_JaffaCakes118

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload
