expiro | 01f666e43e9c3fe6523c6a84ca5e723e611dccb5c6f20a9fdd7130d0fc5f46c2 | Triage

Submit
Reports

Overview

overview

Static

static

3

01f666e43e...c2.exe

windows10-2004-x64

Sharing

General

Target

01f666e43e9c3fe6523c6a84ca5e723e611dccb5c6f20a9fdd7130d0fc5f46c2.exe
Size

5.1MB
Sample

241219-azr7dsypex
MD5

696f5496cbc6c66b66c764d18371556d
SHA1

00450fce8165b3b8b68c448ddf5f2a5ffdc3a5d6
SHA256

01f666e43e9c3fe6523c6a84ca5e723e611dccb5c6f20a9fdd7130d0fc5f46c2
SHA512

829552ae22c5426b4c565518bbeecd1bc46748c02123d212d7b08e89f92c00bd097508d8c0e6573e05a1c76e00e136b5d3ada2c4a72bdcdec8274d5b50afb71b
SSDEEP

98304:36ot44wGJGswP5FDe81lr9kY/mnlsdor1XwU/Ohz2WvJgd7x47tj:36otLwGwP55pr9kCmlwe1Xf/Ohz2+Kch

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01f666e43e9c3fe6523c6a84ca5e723e611dccb5c6f20a9fdd7130d0fc5f46c2.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  01f666e43e9c3fe6523c6a84ca5e723e611dccb5c6f20a9fdd7130d0fc5f46c2.exe
- Size
  
  5.1MB
- MD5
  
  696f5496cbc6c66b66c764d18371556d
- SHA1
  
  00450fce8165b3b8b68c448ddf5f2a5ffdc3a5d6
- SHA256
  
  01f666e43e9c3fe6523c6a84ca5e723e611dccb5c6f20a9fdd7130d0fc5f46c2
- SHA512
  
  829552ae22c5426b4c565518bbeecd1bc46748c02123d212d7b08e89f92c00bd097508d8c0e6573e05a1c76e00e136b5d3ada2c4a72bdcdec8274d5b50afb71b
- SSDEEP
  
  98304:36ot44wGJGswP5FDe81lr9kY/mnlsdor1XwU/Ohz2WvJgd7x47tj:36otLwGwP55pr9kCmlwe1Xf/Ohz2+Kch
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy