Overview

overview

10

Static

static

1

JaffaCakes...77.exe

windows7-x64

10

JaffaCakes...77.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_2355177446aeaf352cd26eb1777d2b77

  • Size

    1.0MB

  • Sample

    250124-t1px7syndn

  • MD5

    2355177446aeaf352cd26eb1777d2b77

  • SHA1

    5e9c708bd0b6243d359cfd8ae05852c653f78b4c

  • SHA256

    22fc47f1b692f036a6d0ba6d9547192ed9aba1adba5c77d87d1b51ecb9c7a5e8

  • SHA512

    bee1dd157333b2aaa3281dbd6e2bec5a8171e6c85bf45b4d9bf56b3d3d9f576ccb30711d49be24eac459bbee300fc49f38b6d19ceda8860963d8860d9bd565e4

  • SSDEEP

    24576:clabsM8KGH7Co0OLeGrIocE5lArjPP5999O:cl08KGbNLeGMb4unBk

Score
10/10
expirobackdoordiscovery

Malware Config

Targets

    • Target

      JaffaCakes118_2355177446aeaf352cd26eb1777d2b77

    • Size

      1.0MB

    • MD5

      2355177446aeaf352cd26eb1777d2b77

    • SHA1

      5e9c708bd0b6243d359cfd8ae05852c653f78b4c

    • SHA256

      22fc47f1b692f036a6d0ba6d9547192ed9aba1adba5c77d87d1b51ecb9c7a5e8

    • SHA512

      bee1dd157333b2aaa3281dbd6e2bec5a8171e6c85bf45b4d9bf56b3d3d9f576ccb30711d49be24eac459bbee300fc49f38b6d19ceda8860963d8860d9bd565e4

    • SSDEEP

      24576:clabsM8KGH7Co0OLeGrIocE5lArjPP5999O:cl08KGbNLeGMb4unBk

    Score
    10/10
    expirobackdoordiscovery

    • Expiro family

      expiro

    • Expiro, m0yv

      Expiro aka m0yv is a multi-functional backdoor written in C++.

      backdoorexpiro

    • Expiro payload

      backdoor

    • Loads dropped DLL

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks