expiro | 5f2ea26e9e83ec7f5a1ab68a36c519dd88ec22af49a188ca056b85c0fd7ba5af | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...b3.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_9b6aa967050c2117938265bcb30896b3
Size

625KB
Sample

250105-lp3e6azpfy
MD5

9b6aa967050c2117938265bcb30896b3
SHA1

08a5525da893c3a8ea325761f926d8038db2072b
SHA256

5f2ea26e9e83ec7f5a1ab68a36c519dd88ec22af49a188ca056b85c0fd7ba5af
SHA512

e2b69e21942c16e6e3ce610634d3696368c445e168197e8752ff95587b4d5aea10480696a084b428fb524d0bb7cb1138c24e4073c8766f2eb25bd55d7fbc984f
SSDEEP

12288:TVt+w8wyv//66WoJMH4xBLc8A5N2m2gxRFTLxT4NH:5t+w5yvDJs8JtMHxT

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_9b6aa967050c2117938265bcb30896b3.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_9b6aa967050c2117938265bcb30896b3
- Size
  
  625KB
- MD5
  
  9b6aa967050c2117938265bcb30896b3
- SHA1
  
  08a5525da893c3a8ea325761f926d8038db2072b
- SHA256
  
  5f2ea26e9e83ec7f5a1ab68a36c519dd88ec22af49a188ca056b85c0fd7ba5af
- SHA512
  
  e2b69e21942c16e6e3ce610634d3696368c445e168197e8752ff95587b4d5aea10480696a084b428fb524d0bb7cb1138c24e4073c8766f2eb25bd55d7fbc984f
- SSDEEP
  
  12288:TVt+w8wyv//66WoJMH4xBLc8A5N2m2gxRFTLxT4NH:5t+w5yvDJs8JtMHxT
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy