expiro | 94f8381d594aba6c3e437775705df6eba8a728403b8063a58b7da54b7ebd00e4 | Triage

Submit
Reports

Overview

overview

Static

static

3

94f8381d59...4N.exe

windows10-2004-x64

Sharing

General

Target

94f8381d594aba6c3e437775705df6eba8a728403b8063a58b7da54b7ebd00e4N.exe
Size

643KB
Sample

250103-tntevsslay
MD5

512487411fc46cb1df352576c326c1b0
SHA1

4f8ebee58fe1a34e44f14d3d5b82c115b62a31eb
SHA256

94f8381d594aba6c3e437775705df6eba8a728403b8063a58b7da54b7ebd00e4
SHA512

32125555f8bc434f79c40d824fb4a451358fc2f0e838f73a658215ed8d4f978d8939e8e4ccab94e49aecf3a1900beb5a248c8d4bc882fe56fd4993ba55970028
SSDEEP

12288:oj32cnr9X6oq8UtOhVUAS/5M74xSkEoedy9cHN5H1dCTD+:A2cnr9X7ZhKASBuPkEoUEINF7

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

94f8381d594aba6c3e437775705df6eba8a728403b8063a58b7da54b7ebd00e4N.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

17 signatures

120 seconds

Malware Config

Targets

- Target
  
  94f8381d594aba6c3e437775705df6eba8a728403b8063a58b7da54b7ebd00e4N.exe
- Size
  
  643KB
- MD5
  
  512487411fc46cb1df352576c326c1b0
- SHA1
  
  4f8ebee58fe1a34e44f14d3d5b82c115b62a31eb
- SHA256
  
  94f8381d594aba6c3e437775705df6eba8a728403b8063a58b7da54b7ebd00e4
- SHA512
  
  32125555f8bc434f79c40d824fb4a451358fc2f0e838f73a658215ed8d4f978d8939e8e4ccab94e49aecf3a1900beb5a248c8d4bc882fe56fd4993ba55970028
- SSDEEP
  
  12288:oj32cnr9X6oq8UtOhVUAS/5M74xSkEoedy9cHN5H1dCTD+:A2cnr9X7ZhKASBuPkEoUEINF7
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy