General
-
Target
JaffaCakes118_4964e20c78ec9af68bac8a4684fa1b86
-
Size
959KB
-
Sample
250101-gg5hbsypfl
-
MD5
4964e20c78ec9af68bac8a4684fa1b86
-
SHA1
ce11c2a1775b1fc300bdf5caae2fd3e3a654dab1
-
SHA256
b98b4a58ffc62e2300baa88e627c709a0b8a2eaecfecabe9f93a6b3db4902b23
-
SHA512
9a284ba56e8e1a226179e88a49ff7e9a5b361bbc845aed4beb38e2aca81d7313270d2f9a75760106a0043aba83aabd3c33be18bb1ac2756e03f2a641988748f7
-
SSDEEP
24576:vPfAPgUYrPXPWeB7S53PW6DmIUVPulHTb9OLf:vXAqrP/WH5/WUmIUVWVTb9OL
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_4964e20c78ec9af68bac8a4684fa1b86.exe
Resource
win7-20240903-en
Malware Config
Targets
-
Expiro family
-
Expiro payload
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-