Overview

overview

10

Static

static

3

JaffaCakes...90.exe

windows7-x64

10

JaffaCakes...90.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_6a699195dcc432ba04a55d3c57cfb490

  • Size

    599KB

  • Sample

    250103-fsqb4szrfv

  • MD5

    6a699195dcc432ba04a55d3c57cfb490

  • SHA1

    6856d17223f34e2cc94a92f398edf8b9f178a9b4

  • SHA256

    bf2911d8d58136b627307249a4f836eded570d086fd0f670990de5161bdc83f2

  • SHA512

    bb7147ba4ffd4e952c55adf8844da0c609a620a029f4a3ebfbe16235c3b8fa07cd5de7ccf12783fe9aae5766c0f37e31fdfdd8829070689d00ce2f1e176f5739

  • SSDEEP

    12288:2VOBVTxcqfx0G2klcB4/iq7Aoo1RnA8y+rrlbOjkcxWnfxnX/:2OBVlh0Vic6x7UphMBcpnX/

Score
10/10
expirobackdoordiscoverypersistence

Malware Config

Targets

    • Target

      JaffaCakes118_6a699195dcc432ba04a55d3c57cfb490

    • Size

      599KB

    • MD5

      6a699195dcc432ba04a55d3c57cfb490

    • SHA1

      6856d17223f34e2cc94a92f398edf8b9f178a9b4

    • SHA256

      bf2911d8d58136b627307249a4f836eded570d086fd0f670990de5161bdc83f2

    • SHA512

      bb7147ba4ffd4e952c55adf8844da0c609a620a029f4a3ebfbe16235c3b8fa07cd5de7ccf12783fe9aae5766c0f37e31fdfdd8829070689d00ce2f1e176f5739

    • SSDEEP

      12288:2VOBVTxcqfx0G2klcB4/iq7Aoo1RnA8y+rrlbOjkcxWnfxnX/:2OBVlh0Vic6x7UphMBcpnX/

    Score
    10/10
    expirobackdoordiscoverypersistence

    • Expiro family

      expiro

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

      backdoorexpiro

    • Expiro payload

      backdoor

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks