expiro | e41df91d493484b9992d130f6a6f041cf9909144cc02e7744d6edb4027dce760 | Triage

Sharing

General

Target

e41df91d493484b9992d130f6a6f041cf9909144cc02e7744d6edb4027dce760N.exe
Size

402KB
Sample

241216-wq1casxpcr
MD5

e5419bb26deca9e4b7ff178ff8f8b240
SHA1

4b74a932e9a4c6f375a801d88545f36ea812920a
SHA256

e41df91d493484b9992d130f6a6f041cf9909144cc02e7744d6edb4027dce760
SHA512

22d036328d76a9409cb4e5ef24d170bc8fa24914fd38571f01ca64e4df05201014756ef74e3500f10e1cc8b7780bd82ee4afca41abdda5f2f1475dc1fa62544b
SSDEEP

12288:9vqlqSrzEAupLiPuSrN0lMaKTF/HRzXKxPQZ:psqSroAupL8uSrOlM5/H85K

Score

10^/10

expiro backdoor credential_access discovery evasion spyware stealer trojan

Malware Config

Targets

- Target
  
  e41df91d493484b9992d130f6a6f041cf9909144cc02e7744d6edb4027dce760N.exe
- Size
  
  402KB
- MD5
  
  e5419bb26deca9e4b7ff178ff8f8b240
- SHA1
  
  4b74a932e9a4c6f375a801d88545f36ea812920a
- SHA256
  
  e41df91d493484b9992d130f6a6f041cf9909144cc02e7744d6edb4027dce760
- SHA512
  
  22d036328d76a9409cb4e5ef24d170bc8fa24914fd38571f01ca64e4df05201014756ef74e3500f10e1cc8b7780bd82ee4afca41abdda5f2f1475dc1fa62544b
- SSDEEP
  
  12288:9vqlqSrzEAupLiPuSrN0lMaKTF/HRzXKxPQZ:psqSroAupL8uSrOlM5/H85K
Score

10^/10

expiro backdoor credential_access discovery evasion spyware stealer trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoorcredential_accessdiscoveryevasionspywarestealertrojan

behavioral2