General

  • Target

    JaffaCakes118_60a35a694c0036f1069e44092d400ec7

  • Size

    880KB

  • Sample

    250101-zvf11awngl

  • MD5

    60a35a694c0036f1069e44092d400ec7

  • SHA1

    ab0277112625b9d8197b169ecf3877fc61d88d5f

  • SHA256

    9296bd38edc3ee0edf035fddf3d749ca0e832455cadf71273405563da6f5a7f0

  • SHA512

    fedfbf59cbb42a65342d05734e6f29797ab9276c4f4790ba7c3c6cadc09ddcf31a51a54d8d01bb7315e3981554e3ffbd70fc4bf4d094241d51b9ae3791424985

  • SSDEEP

    12288:lKPRz7pW6NpUUIIeAldFzc+spaUm5A2SKluFFS8h:URzlW6n9eQd/smBiF
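
The digests above are the only reliable way to confirm that a file found on a host is this sample. As an added example (not part of the sandbox report), the Python below recomputes the same four digests for a file or buffer and compares them with the report's values. A mixed result, where one algorithm matches and another does not, means either a transcription error in the IOC list or a deliberately collided hash, and should be investigated rather than trusted. Only the digest values are taken from the report; the function and constant names are the example's own.

```python
import hashlib
import sys
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the sandbox report above for
# JaffaCakes118_60a35a694c0036f1069e44092d400ec7 (880 KB).
# Nothing else in this file comes from the report.
REPORT_IOCS = {
    "md5": "60a35a694c0036f1069e44092d400ec7",
    "sha1": "ab0277112625b9d8197b169ecf3877fc61d88d5f",
    "sha256": "9296bd38edc3ee0edf035fddf3d749ca0e832455cadf71273405563da6f5a7f0",
    "sha512": "fedfbf59cbb42a65342d05734e6f29797ab9276c4f4790ba7c3c6cadc09ddcf3"
              "1a51a54d8d01bb7315e3981554e3ffbd70fc4bf4d094241d51b9ae3791424985",
}


def digest_bytes(data: bytes) -> dict:
    """Hex digests of an in-memory buffer (small files, or test fixtures)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hex digests of a file, streamed so large samples need not fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Per-algorithm match flags (case-insensitive) for every digest the IOC list carries."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in iocs.items()}


def classify(digests: dict, iocs: dict = REPORT_IOCS) -> str:
    """'match' if every listed digest agrees, 'no-match' if none does, and
    'inconsistent' if they disagree with each other. A file that matches one
    algorithm but not another points at a bad IOC list or a collided hash, so
    the result must not be treated as a confirmed identification."""
    flags = match_iocs(digests, iocs).values()
    if all(flags):
        return "match"
    if any(flags):
        return "inconsistent"
    return "no-match"


if __name__ == "__main__":
    # Usage: python check_sample.py <file> [<file> ...]
    for arg in sys.argv[1:]:
        d = digest_file(Path(arg))
        print(f"{arg}: {classify(d)}  sha256={d['sha256']}")
```

Run it over a quarantined file; only a result of `match` across all four algorithms justifies attributing the behaviours listed below to that file.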

Targets

    • Target

      JaffaCakes118_60a35a694c0036f1069e44092d400ec7

    • Expiro family

    • Expiro, m0yv

      Expiro, also tracked as m0yv, is a multi-functional backdoor written in C++.

    • Expiro payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile data, which can include saved credentials, cookies and session tokens.

    • Unsecured Credentials: Credentials In Files

      Searches local files for insecurely stored credentials (MITRE ATT&CK T1552.001).

    • Windows security modification

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

    • Drops Chrome extension

    • Enumerates connected drives

      Attempts to read the root path of fixed drives other than the default C: drive.

    • Drops file in System32 directory
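
Two of the behaviours above, reading browser profile data and dropping a Chrome extension, leave evidence in the Chrome profile directory. As an added example (not part of the report, and not the sample's own code), the Python below inventories every installed extension from `<profile>/Extensions/<id>/<version>/manifest.json` and flags those that are not on an allow-list yet request broad or sensitive permissions. The default profile path, the sensitive-permission list and the two fixture extensions are assumptions of the example; the fixture profile is constructed in a temporary directory so the script runs offline.

```python
import json
import os
import tempfile
from pathlib import Path

# Default Chrome profile on Windows. Assumption: a single "Default" profile;
# adjust for "Profile 1", Edge, Brave and so on.
DEFAULT_EXTENSIONS_DIR = (
    Path(os.environ.get("LOCALAPPDATA", "")) / "Google" / "Chrome"
    / "User Data" / "Default" / "Extensions"
)

# Permissions worth a second look on an unrecognised extension. A triage
# assumption of this example, not an exhaustive policy.
SENSITIVE_PERMISSIONS = frozenset({
    "<all_urls>", "webRequest", "webRequestBlocking", "declarativeNetRequest",
    "cookies", "tabs", "nativeMessaging", "debugger", "proxy",
})


def is_extension_id(name: str) -> bool:
    """Chrome extension IDs are 32 characters drawn from the letters a..p."""
    return len(name) == 32 and all("a" <= c <= "p" for c in name)


def list_extensions(extensions_dir) -> list:
    """Inventory <Extensions>/<id>/<version>/manifest.json, one record per installed version."""
    records = []
    root = Path(extensions_dir)
    if not root.is_dir():
        return records
    for ext_dir in sorted(root.iterdir()):
        if not (ext_dir.is_dir() and is_extension_id(ext_dir.name)):
            continue
        for ver_dir in sorted(p for p in ext_dir.iterdir() if p.is_dir()):
            manifest = ver_dir / "manifest.json"
            if not manifest.is_file():
                continue
            try:
                data = json.loads(manifest.read_text(encoding="utf-8-sig"))
            except (OSError, ValueError):
                data = {}  # unreadable manifest is itself worth a look
            perms = [p for key in ("permissions", "host_permissions")
                     for p in (data.get(key) or []) if isinstance(p, str)]
            records.append({
                "id": ext_dir.name,
                "version": ver_dir.name,
                # A name of the form "__MSG_..." is a localisation placeholder.
                "name": data.get("name", "<unreadable manifest>"),
                "permissions": sorted(perms),
                # Compare with the incident window: a dropped extension appears at infection time.
                "manifest_mtime": manifest.stat().st_mtime,
            })
    return records


def suspicious(records, allow_ids=frozenset(), sensitive=SENSITIVE_PERMISSIONS) -> list:
    """Extensions not on the allow-list that request sensitive or wildcard-host permissions."""
    flagged = []
    for rec in records:
        if rec["id"] in allow_ids:
            continue
        hits = [p for p in rec["permissions"] if p in sensitive or p.endswith("://*/*")]
        if hits:
            flagged.append({**rec, "hits": hits})
    return flagged


# Constructed fixtures (not real extensions): a known-good one and one that
# stands in for an extension dropped by malware.
BENIGN_ID = "abcdefghijklmnopabcdefghijklmnop"
DROPPED_ID = "ponmlkjihgfedcbaponmlkjihgfedcba"


def build_demo_profile(root: Path) -> Path:
    """Write the two fixture extensions under root/Extensions so the inventory runs offline."""
    ext_root = root / "Extensions"
    fixtures = {
        BENIGN_ID: {"name": "Notes", "manifest_version": 3, "permissions": ["storage"]},
        DROPPED_ID: {"name": "Update Helper", "manifest_version": 3,
                     "permissions": ["webRequest", "cookies"],
                     "host_permissions": ["<all_urls>"]},
    }
    for ext_id, manifest in fixtures.items():
        ver_dir = ext_root / ext_id / "1.0.0_0"
        ver_dir.mkdir(parents=True)
        (ver_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return ext_root


def demo() -> list:
    """Build the constructed profile in a temp dir and return the flagged extensions."""
    with tempfile.TemporaryDirectory() as tmp:
        ext_root = build_demo_profile(Path(tmp))
        return suspicious(list_extensions(ext_root), allow_ids={BENIGN_ID})


if __name__ == "__main__":
    live = DEFAULT_EXTENSIONS_DIR.is_dir()
    flagged = suspicious(list_extensions(DEFAULT_EXTENSIONS_DIR)) if live else demo()
    for rec in flagged:
        print(rec["id"], rec["version"], rec["name"], "->", ", ".join(rec["hits"]))
```

On a real host, populate `allow_ids` from a known-good inventory first; otherwise every legitimate ad blocker or password manager will be flagged alongside the dropped one. The manifest modification time is the quickest way to tie a flagged extension to the infection window.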

MITRE ATT&CK Enterprise v15
