General
-
Target
da7ec1617ba3cae2a53216bc0c0c9ed03fdc28d553c7b63694bdbe1f7aa7482fN.exe
-
Size
770KB
-
Sample
241216-pvrgmazrfz
-
MD5
b6f1420b5d47f79b3870f04c576f76c0
-
SHA1
3dbd8a7b7eb149a7a17fdd1170c486d99b2ec073
-
SHA256
da7ec1617ba3cae2a53216bc0c0c9ed03fdc28d553c7b63694bdbe1f7aa7482f
-
SHA512
173266439e9f7c505f85bd69c923f700f10b6d8009914a40e7b6dc20776f29987ec1e75cc8b5d4cd8fcc0bc559e8200612e2dfea5344ea80a8efa74074baf1ae
-
SSDEEP
24576:FsqSroAupL8uSrO4MjyelIgBw+zs1FQW0Y+PHV6GYv:FGD+LzGbiy2IWHQfQBb6GY
Static task
static1
Behavioral task
behavioral1
Sample
da7ec1617ba3cae2a53216bc0c0c9ed03fdc28d553c7b63694bdbe1f7aa7482fN.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
da7ec1617ba3cae2a53216bc0c0c9ed03fdc28d553c7b63694bdbe1f7aa7482fN.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
Expiro family
-
Expiro payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unsecured Credentials: Credentials In Files
Steal credentials from unsecured files.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops Chrome extension
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (1)
Credentials from Web Browsers (1)
Unsecured Credentials (2)
Credentials In Files (2)