expiro | d08873d10eb9ddf5a57d7148a284bf1d9ae0794a571dcd6ff4cc9a7a88daae6c | Triage

Submit
Reports

Overview

overview

Static

static

3

d08873d10e...cN.exe

windows10-2004-x64

Sharing

General

Target

d08873d10eb9ddf5a57d7148a284bf1d9ae0794a571dcd6ff4cc9a7a88daae6cN.exe
Size

5.1MB
Sample

241219-je8s3svngw
MD5

3e3dc3d3109e15f6740176a2e0194b90
SHA1

c93db0aaf7297216fde8715d7a3d23514cfe6b79
SHA256

d08873d10eb9ddf5a57d7148a284bf1d9ae0794a571dcd6ff4cc9a7a88daae6c
SHA512

3f16d26d2ddbab46efc4f945501eeb670dfd95bf8bc37572d8f85a4097147ff9b72da8ba5e82a250f31b286b46286ecd2b94234c757f6efa17d7ad501ffd53b7
SSDEEP

98304:36ot44wGJGswP5FDe81lr9kY/mnlsdor1XwU/Ohz2WvJgd7x47t:36otLwGwP55pr9kCmlwe1Xf/Ohz2+Kc

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d08873d10eb9ddf5a57d7148a284bf1d9ae0794a571dcd6ff4cc9a7a88daae6cN.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

19 signatures

120 seconds

Malware Config

Targets

- Target
  
  d08873d10eb9ddf5a57d7148a284bf1d9ae0794a571dcd6ff4cc9a7a88daae6cN.exe
- Size
  
  5.1MB
- MD5
  
  3e3dc3d3109e15f6740176a2e0194b90
- SHA1
  
  c93db0aaf7297216fde8715d7a3d23514cfe6b79
- SHA256
  
  d08873d10eb9ddf5a57d7148a284bf1d9ae0794a571dcd6ff4cc9a7a88daae6c
- SHA512
  
  3f16d26d2ddbab46efc4f945501eeb670dfd95bf8bc37572d8f85a4097147ff9b72da8ba5e82a250f31b286b46286ecd2b94234c757f6efa17d7ad501ffd53b7
- SSDEEP
  
  98304:36ot44wGJGswP5FDe81lr9kY/mnlsdor1XwU/Ohz2WvJgd7x47t:36otLwGwP55pr9kCmlwe1Xf/Ohz2+Kc
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy