expiro | a3a0ad90fa7f0dee991112e3e30a8f48264c6ca2030ca7e8d5da9144936796f7 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...90.exe

windows7-x64

JaffaCakes...90.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_69ed8d950ab11568faf970c77050ad90
Size

674KB
Sample

250103-dw9ttazqdk
MD5

69ed8d950ab11568faf970c77050ad90
SHA1

94590af7ceeda99dc57e82f8e31c4078e966d530
SHA256

a3a0ad90fa7f0dee991112e3e30a8f48264c6ca2030ca7e8d5da9144936796f7
SHA512

ffa06f77f0707e5ef6a0ec0b85c4166066c7167e9c4a0d5bfed627704a0da308e5316b36c3b9c0cdf1862bc00dbada8006e7b009f5baa557b5311cf3e260f21d
SSDEEP

12288:Io8IJt524U/eCC02cSpVAqA+lOBsuVdC5D/ZLx2KXa84svzvF6TU:Tn524fAWlOYRzaDczt6T

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_69ed8d950ab11568faf970c77050ad90.exe

Resource

win7-20240708-en

expiro backdoor discovery evasion trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_69ed8d950ab11568faf970c77050ad90.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_69ed8d950ab11568faf970c77050ad90
- Size
  
  674KB
- MD5
  
  69ed8d950ab11568faf970c77050ad90
- SHA1
  
  94590af7ceeda99dc57e82f8e31c4078e966d530
- SHA256
  
  a3a0ad90fa7f0dee991112e3e30a8f48264c6ca2030ca7e8d5da9144936796f7
- SHA512
  
  ffa06f77f0707e5ef6a0ec0b85c4166066c7167e9c4a0d5bfed627704a0da308e5316b36c3b9c0cdf1862bc00dbada8006e7b009f5baa557b5311cf3e260f21d
- SSDEEP
  
  12288:Io8IJt524U/eCC02cSpVAqA+lOBsuVdC5D/ZLx2KXa84svzvF6TU:Tn524fAWlOYRzaDczt6T
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

behavioral2

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy