expiro | 9fbfe5b0417d591c3c51c5301c5322ed02ca972c905a6eff573ea97f303b01d6 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...20.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_be8ddd8808afaa3b0ab13a746c001f20
Size

625KB
Sample

250105-1djk8syncn
MD5

be8ddd8808afaa3b0ab13a746c001f20
SHA1

986d6fcde345bfb925d51c4d8ba3f887b924ef8b
SHA256

9fbfe5b0417d591c3c51c5301c5322ed02ca972c905a6eff573ea97f303b01d6
SHA512

54056b8248afcfabf4be927424de0fb2aa1802029358c6e29d69371e019f44396ac9a3d95395c4093c1f03526820e77f3964ecd3adae7a8f02994bf0866ea6ab
SSDEEP

12288:OVt+w8wyv/n66WoJMbN6yYwJGMgTprEyFPcGcSrkCxwMjrO2:Et+w5yXDJ0N6yYwJ3giyFsSbxbrO

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_be8ddd8808afaa3b0ab13a746c001f20.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_be8ddd8808afaa3b0ab13a746c001f20
- Size
  
  625KB
- MD5
  
  be8ddd8808afaa3b0ab13a746c001f20
- SHA1
  
  986d6fcde345bfb925d51c4d8ba3f887b924ef8b
- SHA256
  
  9fbfe5b0417d591c3c51c5301c5322ed02ca972c905a6eff573ea97f303b01d6
- SHA512
  
  54056b8248afcfabf4be927424de0fb2aa1802029358c6e29d69371e019f44396ac9a3d95395c4093c1f03526820e77f3964ecd3adae7a8f02994bf0866ea6ab
- SSDEEP
  
  12288:OVt+w8wyv/n66WoJMbN6yYwJGMgTprEyFPcGcSrkCxwMjrO2:Et+w5yXDJ0N6yYwJ3giyFsSbxbrO
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy