General

Target: JaffaCakes118_42eda4db1284727e0cc4ddcc1c575cc7
Size: 235KB
Sample: 250127-x47tzasmgw
MD5: 42eda4db1284727e0cc4ddcc1c575cc7
SHA1: 5f9e34aebac1aefa99230ab6697ed20c65f18d30
SHA256: 17e16a91b5b16bd34fde1dbb4ac47af55b0d76db77593c2467c75d90f9e845be
SHA512: ad9da93e9a6d3947aeaaf1906f1ef37496bd651a90f6f720d5a21d9d9e0106e1631ffcc422b33e4ec3263903a6cb5a08909681336caee35f9a7586115d4fac60
SSDEEP: 6144:3A8CaRVMMMMMM2MMMMMhP+Nnb/dUrAeb41Lq+s:3AbaRaMMMMM2MMMMMhP+Nnb/dU0nLq+
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_42eda4db1284727e0cc4ddcc1c575cc7.exe
  Resource: win7-20241010-en
Malware Config

Targets

Target: JaffaCakes118_42eda4db1284727e0cc4ddcc1c575cc7
Size: 235KB
(hashes identical to the General section above)
- Expiro family
- Expiro payload
- Executes dropped EXE
- Unsecured Credentials: Credentials In Files
  Steals credentials from unsecured files.
- Drops Chrome extension
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
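Three of the behavioural signatures above (drop-and-execute, non-C drive-root enumeration, writes under System32) are simple enough to reproduce as checks over a sandbox event trace. The block below is an added example written for this page and is not Tria.ge's own detection code; the event schema (op, pid, path) and the sample trace are constructed assumptions, and the paths in it are illustrative, not paths observed from this sample.

```python
"""Toy versions of three behavioural signatures from the report, run over a
constructed sandbox-style event trace.

Added example, not Tria.ge's detection code. The event schema (op, pid, path)
and the trace below are assumptions made for the illustration.
"""
import re

# Constructed trace, in recorded order. op is one of file_write, file_open,
# proc_create; path is the file touched or, for proc_create, the new image.
SAMPLE_EVENTS = [
    {"op": "proc_create", "pid": 100, "path": "C:\\Users\\Admin\\sample.exe"},
    {"op": "file_open",   "pid": 100, "path": "C:\\Users\\Admin\\sample.exe"},
    {"op": "file_open",   "pid": 100, "path": "D:\\"},   # root of a non-C drive
    {"op": "file_open",   "pid": 100, "path": "E:\\"},
    {"op": "file_write",  "pid": 100, "path": "C:\\Windows\\System32\\dropped.exe"},
    {"op": "file_write",  "pid": 100, "path": "C:\\Users\\Admin\\AppData\\Local\\Temp\\upd.exe"},
    {"op": "proc_create", "pid": 100, "path": "C:\\Users\\Admin\\AppData\\Local\\Temp\\upd.exe"},
    {"op": "file_open",   "pid": 100, "path": "C:\\Users\\Admin\\Documents\\notes.txt"},
]

# "X:" or "X:\" with nothing after it: a drive root, not a file inside it.
DRIVE_ROOT = re.compile(r"^([A-Za-z]):\\?$")
# Anything written directly or indirectly under <drive>:\Windows\System32\.
SYSTEM32 = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)


def executes_dropped_exe(events):
    """Flag process creations whose image was written earlier in the trace.

    Order matters: a write that happens after the process start is not a
    drop-and-run, so written paths are collected as the trace is walked
    rather than in a set built up front.
    """
    written = set()
    hits = []
    for ev in events:
        path = ev["path"].lower()          # NTFS paths are case-insensitive
        if ev["op"] == "file_write":
            written.add(path)
        elif ev["op"] == "proc_create" and path in written:
            hits.append(ev["path"])
    return hits


def enumerates_connected_drives(events):
    """Flag opens of a drive root other than C:, as the report's signature describes."""
    hits = []
    for ev in events:
        if ev["op"] != "file_open":
            continue
        m = DRIVE_ROOT.match(ev["path"])
        if m and m.group(1).upper() != "C":
            hits.append(ev["path"])
    return hits


def drops_file_in_system32(events):
    """Flag any file write under the System32 directory."""
    return [ev["path"] for ev in events
            if ev["op"] == "file_write" and SYSTEM32.match(ev["path"])]


SIGNATURES = {
    "Executes dropped EXE": executes_dropped_exe,
    "Enumerates connected drives": enumerates_connected_drives,
    "Drops file in System32 directory": drops_file_in_system32,
}


def run_signatures(events):
    """Return {signature name: [matching paths]} for every signature that fired."""
    report = {}
    for name, check in SIGNATURES.items():
        hits = check(events)
        if hits:
            report[name] = hits
    return report


if __name__ == "__main__":
    for name, hits in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for h in hits:
            print(f"  {h}")
```

The drop-and-execute check is the one worth studying: it keys on temporal order within a single trace, which is what separates a genuine dropped payload from a pre-existing binary the sample merely launches. Real sandboxes also attribute the write and the process start to the same process tree; the toy version ignores pid lineage for brevity.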
MITRE ATT&CK Enterprise v15

Tactic: Credential Access (technique: hit count)
  Credentials from Password Stores (T1555): 1
    Credentials from Web Browsers (T1555.003): 1
  Unsecured Credentials (T1552): 2
    Credentials In Files (T1552.001): 2