General
-
Target
JaffaCakes118_d0fce1bdfa2ce50c34bdefaaddde99a6
-
Size
622KB
-
Sample
250109-yp1yjs1per
-
MD5
d0fce1bdfa2ce50c34bdefaaddde99a6
-
SHA1
2706984b9d962685430c3cf109fe013f70221873
-
SHA256
1d937f5a9dc0653c669444397cf781de6dce294a408ef73eb9c35f8295d47a14
-
SHA512
a19108e668dca821490c7ace94c7e04f1b24ac4799a177f879edf0253bece825a7eab19b9ff7230db44abe25c2bb1224c6b57d1d74f7120bb462929c6e894b57
-
SSDEEP
12288:PbDVP4WA10Gp+Cd4jNOGiiVhNTrRjJx0L311B9mPDB7IiNvp:DRwWA10Gp+lii7NTNjglk9FN
Static task
static1
Malware Config
Targets
-
Target
JaffaCakes118_d0fce1bdfa2ce50c34bdefaaddde99a6
-
Expiro family
-
Expiro payload
-
Disables taskbar notifications via registry modification
-
Executes dropped EXE
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-