expiro | 4cd835db621a39fb0e3b1dea4110233bb0d348534c0d263471ff3b61c67c5188

Analysis

max time kernel
95s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 06:46

Target

4cd835db621a39fb0e3b1dea4110233bb0d348534c0d263471ff3b61c67c5188.exe
Size

432KB
MD5

d3586442a71a1d0be46d0bfb75b73c84
SHA1

f2d09276c43e9898a7610ad7a70fd0faf2fe3048
SHA256

4cd835db621a39fb0e3b1dea4110233bb0d348534c0d263471ff3b61c67c5188
SHA512

524f4ac4779a35e61c6ebd0f407672772af404b3f99ef3597bf6a68ff6acc90629eb796e03d095fa1bb311110ac7644ee0e850b0da4f165206b20fe9b7976949
SSDEEP

12288:ZUCmZiC9rRlxFsvCxWL81IDzmqplwt6dEs2CD+zD:jCHlndYzFWtIV6P

Score

10^/10

expiro backdoor

Expiro family
expiro
Expiro, m0yv
Expiro aka m0yv is a multi-functional backdoor written in C++.
backdoor expiro

Expiro payload 3 IoCs

backdoor

resource	yara_rule
behavioral1/memory/1016-0-0x0000000000470000-0x0000000000504000-memory.dmp	family_expiro1
behavioral1/memory/1016-1-0x0000000000400000-0x0000000000504000-memory.dmp	family_expiro1
behavioral1/memory/1016-2-0x0000000000470000-0x0000000000504000-memory.dmp	family_expiro1

C:\Users\Admin\AppData\Local\Temp\4cd835db621a39fb0e3b1dea4110233bb0d348534c0d263471ff3b61c67c5188.exe
"C:\Users\Admin\AppData\Local\Temp\4cd835db621a39fb0e3b1dea4110233bb0d348534c0d263471ff3b61c67c5188.exe"
1⤵
PID:1016

memory/1016-0-0x0000000000470000-0x0000000000504000-memory.dmp

Filesize
592KB

Download
memory/1016-1-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/1016-2-0x0000000000470000-0x0000000000504000-memory.dmp

Filesize
592KB

Download