expiro | 9f746b051f80eed711b36e6f6b3d2f9eaf8c70443772adc60ced7d75333150e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...52.exe

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_3bfece7f4ce0035fd1899738f0ce1252
Size

816KB
Sample

250106-1jq79s1kgn
MD5

3bfece7f4ce0035fd1899738f0ce1252
SHA1

c5a03e834a05c00960147c372d25ec13acbf6c8f
SHA256

9f746b051f80eed711b36e6f6b3d2f9eaf8c70443772adc60ced7d75333150e8
SHA512

ff5f9c90854488c4da6d7a17e4ce6fe8d5d2129673448e1914ca689f0db80ce150b0471f5d1062332261c52e906e6386ea0d85cace3bd290fd35e2493ea2c195
SSDEEP

24576:cJW2KjJ4Td3kJnbsPhnzqkHluVwFdBmkiO7Sq:cInJ4Td3mbsPhnekHlmwF6G

Score

10^/10

expiro backdoor discovery evasion trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_3bfece7f4ce0035fd1899738f0ce1252.exe

Resource

win10v2004-20241007-en

expiro backdoor discovery evasion trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  JaffaCakes118_3bfece7f4ce0035fd1899738f0ce1252
- Size
  
  816KB
- MD5
  
  3bfece7f4ce0035fd1899738f0ce1252
- SHA1
  
  c5a03e834a05c00960147c372d25ec13acbf6c8f
- SHA256
  
  9f746b051f80eed711b36e6f6b3d2f9eaf8c70443772adc60ced7d75333150e8
- SHA512
  
  ff5f9c90854488c4da6d7a17e4ce6fe8d5d2129673448e1914ca689f0db80ce150b0471f5d1062332261c52e906e6386ea0d85cace3bd290fd35e2493ea2c195
- SSDEEP
  
  24576:cJW2KjJ4Td3kJnbsPhnzqkHluVwFdBmkiO7Sq:cInJ4Td3mbsPhnekHlmwF6G
Score

10^/10

expiro backdoor discovery evasion trojan
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Disables taskbar notifications via registry modification
  evasion
- Executes dropped EXE
- Windows security modification
  evasion trojan
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscoveryevasiontrojan

© 2018-2025

Terms | Privacy