General
-
Target
JaffaCakes118_d3d2307888621834ef1180f905516a30
-
Size
625KB
-
Sample
250109-2aw8lasrax
-
MD5
d3d2307888621834ef1180f905516a30
-
SHA1
d0dc3acee8ab987c522d83fd15b374d663188064
-
SHA256
6b2b66264d21c6b51489406ae6f8e02c7522ce39bb3c3cb5a8bc694f640bbf66
-
SHA512
20704c2fe63102ecd92fbb98b9c054bec3b76e0b9c79b3387198ddb6ae95ca0ad22ca74b7cae0188c70ac7fc8c73ac074923498e79fbdc64a94248aae78fdf77
-
SSDEEP
12288:XVt+w8wyv/Y66WoJM832hOvHPHlC3MXGimg8KnpMgq:lt+w5yoDJjvv0cXGZgXnH
Malware Config
Targets
-
-
Target
JaffaCakes118_d3d2307888621834ef1180f905516a30
-
Size
625KB
-
MD5
d3d2307888621834ef1180f905516a30
-
SHA1
d0dc3acee8ab987c522d83fd15b374d663188064
-
SHA256
6b2b66264d21c6b51489406ae6f8e02c7522ce39bb3c3cb5a8bc694f640bbf66
-
SHA512
20704c2fe63102ecd92fbb98b9c054bec3b76e0b9c79b3387198ddb6ae95ca0ad22ca74b7cae0188c70ac7fc8c73ac074923498e79fbdc64a94248aae78fdf77
-
SSDEEP
12288:XVt+w8wyv/Y66WoJM832hOvHPHlC3MXGimg8KnpMgq:lt+w5yoDJjvv0cXGZgXnH
Score10/10-
Expiro family
-
Expiro, m0yv
Expiro aka m0yv is a multi-functional backdoor written in C++.
-
Expiro payload
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Windows security modification
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-