General

  • Target

    JaffaCakes118_7aca9fb59d176aa3ee9499bb5d86eae0

  • Size

    706KB

  • Sample

    250104-vha7rsykbv

  • MD5

    7aca9fb59d176aa3ee9499bb5d86eae0

  • SHA1

    b312626f30ca35ccdf121b8289daa13d6198f95d

  • SHA256

    159ada880f50d0577439f7f800219a43c7b2a3e8b08aae1154144998a1648ccc

  • SHA512

    06afeabf5ff69b343bba84acf28c2aae73138ff07aa992c93561d3054e432e9cf1631ba1c2c841935879c6c38dd0d146a4ddb95f403ad6bbccb9832e94e05974

  • SSDEEP

    12288:TvqlqSrzEAupLiPuSrN03Mad1U/VKDXdrElzJlLeASe0LuT7MvQtbks+/z:rsqSroAupL8uSrO3MPYyjnsk7IH

Malware Config

Targets

    • Expiro family

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

    • Expiro payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Unsecured Credentials: Credentials In Files

      Steal credentials from unsecured files.

    • Windows security modification

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops Chrome extension

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks