expiro | 855835c3d9ea5e09c536d2458c8e6aca0db6c2ca5128bc19f613847591acc785 | Triage

Submit
Reports

Overview

overview

Static

static

3

fc4b1bb821...18.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

fc4b1bb821c0a55ae6fdc3df81affab9_JaffaCakes118
Size

672KB
Sample

240420-jvzv4sca87
MD5

fc4b1bb821c0a55ae6fdc3df81affab9
SHA1

e2876fac3c5059481f8aa301de7d99ab0f8858b9
SHA256

855835c3d9ea5e09c536d2458c8e6aca0db6c2ca5128bc19f613847591acc785
SHA512

a75faf701c4083fac7c3311243d4de07f5a0bc6386ca98453ffed9854ccc3cb42ea62f5a9d49e6d84fbc3212e96653f713188ed72f9c413000b1896b34cede07
SSDEEP

12288:PHCCGxTbAe2mjiVg69cvigz5p4wQrE1bSvAQxMWk2eKXPaJv:PHClx/0gKgzorE1bSvBx5k2/PCv

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fc4b1bb821c0a55ae6fdc3df81affab9_JaffaCakes118.exe

Resource

win10v2004-20240412-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  fc4b1bb821c0a55ae6fdc3df81affab9_JaffaCakes118
- Size
  
  672KB
- MD5
  
  fc4b1bb821c0a55ae6fdc3df81affab9
- SHA1
  
  e2876fac3c5059481f8aa301de7d99ab0f8858b9
- SHA256
  
  855835c3d9ea5e09c536d2458c8e6aca0db6c2ca5128bc19f613847591acc785
- SHA512
  
  a75faf701c4083fac7c3311243d4de07f5a0bc6386ca98453ffed9854ccc3cb42ea62f5a9d49e6d84fbc3212e96653f713188ed72f9c413000b1896b34cede07
- SSDEEP
  
  12288:PHCCGxTbAe2mjiVg69cvigz5p4wQrE1bSvAQxMWk2eKXPaJv:PHClx/0gKgzorE1bSvBx5k2/PCv
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy