General
Target: JaffaCakes118_25fc116d849d873fe7d094b20c61a0a3
Size: 625KB
Sample: 241231-s7x2qazlep
MD5: 25fc116d849d873fe7d094b20c61a0a3
SHA1: ba11b8661fcd9fd4b0a595d4991b8aaab25f0739
SHA256: 0636e2319a648568e7183e354d518dfd8033afe9fbe0f9d37cf45545a6790ff0
SHA512: 859d7739b13f0cace8b7d5cc231d3ad250149642cef3c9bb38765771572e62011d2624f4ab4df5ec7371f3a8104784bed966374ed78f57307a9fd8e4b58a59e1
SSDEEP: 12288:dVt+w8wyv/m66WoJM9/Da1AtooMZlNKh6ZOmcQzpv9ymggRxcXtB:Lt+w5yWDJmbYAhG8cZOKzyQcv
Static task
static1
Malware Config
Targets
Target: JaffaCakes118_25fc116d849d873fe7d094b20c61a0a3
- Expiro family
- Expiro payload
- Disables taskbar notifications via registry modification
- Executes dropped EXE
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory