Overview

overview

10

Static

static

3

JaffaCakes...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_9ecd412f605a3e0e5e659d3b4f8f01b4

  • Size

    625KB

  • Sample

    250105-mwy7rasjfy

  • MD5

    9ecd412f605a3e0e5e659d3b4f8f01b4

  • SHA1

    aff493179d0ce163d58ad38a83f8ed8ac4a14d70

  • SHA256

    8c03c5e1a08e28b3e57c6d109739c452ce95c68703497681ed85de7ea82df6fe

  • SHA512

    ab78b29480199cd2bd3497f4d11138fb218f3c0fbbe416acb1e2b66c09642eadf055898004ad054316028395b38e1ddeff6f07eb5f975c54a48b4a9f67996a2b

  • SSDEEP

    12288:fVt+w8wyv/G66WoJMZZWj8E2wYRTrYYQKQ:Nt+w5yWDJoWj8hNV

Score
10/10
expirobackdoordiscoveryevasiontrojan

Malware Config

Targets

    • Target

      JaffaCakes118_9ecd412f605a3e0e5e659d3b4f8f01b4

    • Size

      625KB

    • MD5

      9ecd412f605a3e0e5e659d3b4f8f01b4

    • SHA1

      aff493179d0ce163d58ad38a83f8ed8ac4a14d70

    • SHA256

      8c03c5e1a08e28b3e57c6d109739c452ce95c68703497681ed85de7ea82df6fe

    • SHA512

      ab78b29480199cd2bd3497f4d11138fb218f3c0fbbe416acb1e2b66c09642eadf055898004ad054316028395b38e1ddeff6f07eb5f975c54a48b4a9f67996a2b

    • SSDEEP

      12288:fVt+w8wyv/G66WoJMZZWj8E2wYRTrYYQKQ:Nt+w5yWDJoWj8hNV

    Score
    10/10
    expirobackdoordiscoveryevasiontrojan

    • Expiro family

      expiro

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

      backdoorexpiro

    • Expiro payload

      backdoor

    • Disables taskbar notifications via registry modification

      evasion

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks