Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
07/01/2025, 22:21 UTC
General
-
Target
JaffaCakes118_7c6428d595e07abef567f925f1778082.exe
-
Size
432KB
-
MD5
7c6428d595e07abef567f925f1778082
-
SHA1
9fcf2c3c205b00158fc9751156dddb7327750d14
-
SHA256
b525b3491f0f66a0454b1a2e9730b75cf5f30a518101cf0d0179874ae43081c8
-
SHA512
12cd98eef56bbd561b59489a4c27b66114a3c8d56cdca4756b9eb551e80a14fd8ba1078f4f1e4d61d56ba7d5886d669b894b42d2e7d3933f38870906647d9b4e
-
SSDEEP
12288:DUCmZiCPIHaKcomOgrSu+eun7OnNPKMhr:NCPIHaK9mOgWF7wRKMh
Score
10/10
Malware Config
Signatures
-
Expiro family
-
Expiro, m0yv
Expiro aka m0yv is a multi-functional backdoor written in C++.
-
Expiro payload 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c6428d595e07abef567f925f1778082.exe"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_7c6428d595e07abef567f925f1778082.exe"1⤵
Network
-
DNS232.168.11.51.in-addr.arpaRemote address:8.8.8.8:53Request232.168.11.51.in-addr.arpaIN PTRResponse -
DNS14.160.190.20.in-addr.arpaRemote address:8.8.8.8:53Request14.160.190.20.in-addr.arpaIN PTRResponse
-
DNS95.221.229.192.in-addr.arpaRemote address:8.8.8.8:53Request95.221.229.192.in-addr.arpaIN PTRResponse
-
DNS209.205.72.20.in-addr.arpaRemote address:8.8.8.8:53Request209.205.72.20.in-addr.arpaIN PTRResponse
-
DNS13.86.106.20.in-addr.arpaRemote address:8.8.8.8:53Request13.86.106.20.in-addr.arpaIN PTRResponse
-
DNS197.87.175.4.in-addr.arpaRemote address:8.8.8.8:53Request197.87.175.4.in-addr.arpaIN PTRResponse
-
DNS206.23.85.13.in-addr.arpaRemote address:8.8.8.8:53Request206.23.85.13.in-addr.arpaIN PTRResponse
-
DNS14.227.111.52.in-addr.arpaRemote address:8.8.8.8:53Request14.227.111.52.in-addr.arpaIN PTRResponse
No results found
-
8.8.8.8:53232.168.11.51.in-addr.arpadns
DNS Request
232.168.11.51.in-addr.arpa
-
8.8.8.8:5314.160.190.20.in-addr.arpadns
DNS Request
14.160.190.20.in-addr.arpa
-
8.8.8.8:5395.221.229.192.in-addr.arpadns
DNS Request
95.221.229.192.in-addr.arpa
-
8.8.8.8:53209.205.72.20.in-addr.arpadns
DNS Request
209.205.72.20.in-addr.arpa
-
8.8.8.8:5313.86.106.20.in-addr.arpadns
DNS Request
13.86.106.20.in-addr.arpa
-
8.8.8.8:53197.87.175.4.in-addr.arpadns
DNS Request
197.87.175.4.in-addr.arpa
-
8.8.8.8:53206.23.85.13.in-addr.arpadns
DNS Request
206.23.85.13.in-addr.arpa
-
8.8.8.8:5314.227.111.52.in-addr.arpadns
DNS Request
14.227.111.52.in-addr.arpa
-
8.8.8.8:53
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
592KB
-
Filesize
1.0MB
-
Filesize
592KB
-
Filesize
1.0MB