expiro | 4a891ee78f84e3b520ee4bce1e665fc47043c6a3e1ff7580922d004993acd66d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-12-2024 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a891ee78f84e3b520ee4bce1e665fc47043c6a3e1ff7580922d004993acd66d.exe
Size

634KB
MD5

cfe87461ea33fdcc54686be06e6462ea
SHA1

3bad8ef904dd1401f5213f15c3ef423bdf389d5c
SHA256

4a891ee78f84e3b520ee4bce1e665fc47043c6a3e1ff7580922d004993acd66d
SHA512

d635f61edd4af8bc7f651a70f20b1d3f4539ae2b9db2db8fab27073e6a7ac57b48635920c925704c8495177e9b9269d270e6112a57ab10ae71ceaa7e720b6fd0
SSDEEP

12288:suDs792n9MoiGExHRw760XMqCgzTs9Fj+z:suD0E9M7pHW/M9gzTs9Fj+z

Score

10^/10

expiro backdoor discovery

Malware Config

Signatures

Expiro family
expiro
Expiro, m0yv
Expiro aka m0yv is a multi-functional backdoor written in C++.
backdoor expiro

Expiro payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/memory/2792-2-0x0000000001000000-0x000000000125E000-memory.dmp	family_expiro1

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4a891ee78f84e3b520ee4bce1e665fc47043c6a3e1ff7580922d004993acd66d.exe

C:\Users\Admin\AppData\Local\Temp\4a891ee78f84e3b520ee4bce1e665fc47043c6a3e1ff7580922d004993acd66d.exe
"C:\Users\Admin\AppData\Local\Temp\4a891ee78f84e3b520ee4bce1e665fc47043c6a3e1ff7580922d004993acd66d.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2792

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2792-0-0x0000000001000000-0x000000000125E000-memory.dmp

Filesize
2.4MB

Download
memory/2792-1-0x0000000000B20000-0x0000000000D7E000-memory.dmp

Filesize
2.4MB

Download
memory/2792-2-0x0000000001000000-0x000000000125E000-memory.dmp

Filesize
2.4MB

Download