expiro | 2aba4a323234e0a9ad5a811c175a05ee90cc2deb1c761a92a59f4473d70331dd | Triage

Submit
Reports

Overview

overview

Static

static

3

2aba4a3232...dN.exe

windows7-x64

2aba4a3232...dN.exe

windows10-2004-x64

Sharing

General

Target

2aba4a323234e0a9ad5a811c175a05ee90cc2deb1c761a92a59f4473d70331ddN.exe
Size

638KB
Sample

241205-l87tzswkcq
MD5

c2479bce000b9225709dfc162ba82e80
SHA1

e008d7ecc0089fb6eef91d4611cd0bdfd4e76049
SHA256

2aba4a323234e0a9ad5a811c175a05ee90cc2deb1c761a92a59f4473d70331dd
SHA512

49c192da068cf0af3ac2c3cde06c819e7e231da2e33c1b4339049f0822256d85f36e220c6203839b1f82e91159bf76b3bf9aac227962582c230a421e0aa493ac
SSDEEP

12288:iRRRaMMMMM2MMMMM/JS2f47CQOcHJW6/5P+B8+8EnAf:iRRRaMMMMM2MMMMM/JS7C5KW05mB8+7Y

Score

10^/10

expiro backdoor credential_access discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2aba4a323234e0a9ad5a811c175a05ee90cc2deb1c761a92a59f4473d70331ddN.exe

Resource

win7-20240903-en

expiro backdoor credential_access discovery spyware stealer

windows7-x64

16 signatures

120 seconds

Behavioral task

behavioral2

Sample

2aba4a323234e0a9ad5a811c175a05ee90cc2deb1c761a92a59f4473d70331ddN.exe

Resource

win10v2004-20241007-en

expiro backdoor credential_access discovery spyware stealer

windows10-2004-x64

14 signatures

120 seconds

Malware Config

Targets

- Target
  
  2aba4a323234e0a9ad5a811c175a05ee90cc2deb1c761a92a59f4473d70331ddN.exe
- Size
  
  638KB
- MD5
  
  c2479bce000b9225709dfc162ba82e80
- SHA1
  
  e008d7ecc0089fb6eef91d4611cd0bdfd4e76049
- SHA256
  
  2aba4a323234e0a9ad5a811c175a05ee90cc2deb1c761a92a59f4473d70331dd
- SHA512
  
  49c192da068cf0af3ac2c3cde06c819e7e231da2e33c1b4339049f0822256d85f36e220c6203839b1f82e91159bf76b3bf9aac227962582c230a421e0aa493ac
- SSDEEP
  
  12288:iRRRaMMMMM2MMMMM/JS2f47CQOcHJW6/5P+B8+8EnAf:iRRRaMMMMM2MMMMM/JS7C5KW05mB8+7Y
Score

10^/10

expiro backdoor credential_access discovery spyware stealer
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Drops Chrome extension
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoorcredential_accessdiscoveryspywarestealer

behavioral2

expirobackdoorcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy