expiro | df54c21ba0cf550eeec35e12389b04bd5ba0e0fc4d8b1f7b00e6462ad2078f25 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...54.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_3e39fff75f17d22d6680c691ed6dc954
Size

625KB
Sample

241231-3ey4esxmbm
MD5

3e39fff75f17d22d6680c691ed6dc954
SHA1

9738179ee0793e408f0158348a4a5dccf42e0ed6
SHA256

df54c21ba0cf550eeec35e12389b04bd5ba0e0fc4d8b1f7b00e6462ad2078f25
SHA512

a0ef49f2b4c34f39efef21a69f021896ae2fc72b91af8682eaf31468e80b6e47d7807618617e420fd0ee3f8b55e68b2e8dcecc659a98ed259029e9d3f771ac9e
SSDEEP

12288:uVt+w8wyv//66WoJMH4xBLc8A5N2mVgxRFTLxT4NH:kt+w5yvDJs8JWMHxT

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_3e39fff75f17d22d6680c691ed6dc954.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_3e39fff75f17d22d6680c691ed6dc954
- Size
  
  625KB
- MD5
  
  3e39fff75f17d22d6680c691ed6dc954
- SHA1
  
  9738179ee0793e408f0158348a4a5dccf42e0ed6
- SHA256
  
  df54c21ba0cf550eeec35e12389b04bd5ba0e0fc4d8b1f7b00e6462ad2078f25
- SHA512
  
  a0ef49f2b4c34f39efef21a69f021896ae2fc72b91af8682eaf31468e80b6e47d7807618617e420fd0ee3f8b55e68b2e8dcecc659a98ed259029e9d3f771ac9e
- SSDEEP
  
  12288:uVt+w8wyv//66WoJMH4xBLc8A5N2mVgxRFTLxT4NH:kt+w5yvDJs8JWMHxT
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy