General

  • Target

    e0aab43d4b4c27682981525eb321fb36_JaffaCakes118

  • Size

    415KB

  • Sample

    240914-vzqc1sweme

  • MD5

    e0aab43d4b4c27682981525eb321fb36

  • SHA1

    17c93aa5e3e801b700d8e0f78252bc707d63643f

  • SHA256

    2f222aadb621fea67e1f487b7177971f4312272fd0a6da79f8650f6f1d6158cb

  • SHA512

    127d90c045e41acc40401c8c915e65b597f46bc4b57acf68ee699948e3db79fcdf366b118e61565951f394c4710bd828e1bca9dc00cf8a990bf722f01558df0f

  • SSDEEP

    12288:rrwyKsi/BqwSJDdKgKTUUTcRwUfHx60aEl:rrwyKsi/gDDuTRTcRwUfxv

Malware Config

Targets

    • Expiro, m0yv

      Expiro, also known as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

MITRE ATT&CK Enterprise v15

Tasks