expiro | 52c44545129a7efe21cc8a3b71a4166af528a5b5142425617dcc907f62471478 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

JaffaCakes...a8.exe

windows7-x64

JaffaCakes...a8.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_09d607bb679423c3a1636d922b0470a8
Size

645KB
Sample

241231-ht4bgatlbs
MD5

09d607bb679423c3a1636d922b0470a8
SHA1

29895b10fbb22ea67adc7c05f9bde69dc79d8f68
SHA256

52c44545129a7efe21cc8a3b71a4166af528a5b5142425617dcc907f62471478
SHA512

90413037654dec1ecdd469cdc8a863ae82ac586a30f9e683aa1b9e3f8a54bc494fb99860f4fd4af4e5bc1da6974501af5a3c91e063fb762528f2f559a23ce0b6
SSDEEP

12288:rYG8GLVeUF+bZnoD2kUQf3zyJQ/aEy+W27jIhyeNnCZ:0G8GLwA+bZWXUQfDyqCINghygnCZ

Score

10^/10

expiro backdoor credential_access discovery evasion spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_09d607bb679423c3a1636d922b0470a8.exe

Resource

win7-20240903-en

expiro backdoor credential_access discovery evasion spyware stealer trojan

windows7-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_09d607bb679423c3a1636d922b0470a8.exe

Resource

win10v2004-20241007-en

expiro backdoor credential_access discovery spyware stealer

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_09d607bb679423c3a1636d922b0470a8
- Size
  
  645KB
- MD5
  
  09d607bb679423c3a1636d922b0470a8
- SHA1
  
  29895b10fbb22ea67adc7c05f9bde69dc79d8f68
- SHA256
  
  52c44545129a7efe21cc8a3b71a4166af528a5b5142425617dcc907f62471478
- SHA512
  
  90413037654dec1ecdd469cdc8a863ae82ac586a30f9e683aa1b9e3f8a54bc494fb99860f4fd4af4e5bc1da6974501af5a3c91e063fb762528f2f559a23ce0b6
- SSDEEP
  
  12288:rYG8GLVeUF+bZnoD2kUQf3zyJQ/aEy+W27jIhyeNnCZ:0G8GLwA+bZWXUQfDyqCINghygnCZ
Score

10^/10

expiro backdoor credential_access discovery evasion spyware stealer trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Unsecured Credentials: Credentials In Files
  Steal credentials from unsecured files.
  credential_access stealer
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops Chrome extension
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoorcredential_accessdiscoveryevasionspywarestealertrojan

behavioral2

expirobackdoorcredential_accessdiscoveryspywarestealer

© 2018-2025

Terms | Privacy