expiro | 1e57877a38424cbd825e656812d042c77f281504c4c3af64ba22ec17bf3c6b36

Analysis

max time kernel
95s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 03:14

Target

JaffaCakes118_d96ddeb8e4ffb7a74e2a14b2eb86a344.exe
Size

432KB
MD5

d96ddeb8e4ffb7a74e2a14b2eb86a344
SHA1

d14effb75253e0f16ed1287f4b40e0ee5e5c4160
SHA256

1e57877a38424cbd825e656812d042c77f281504c4c3af64ba22ec17bf3c6b36
SHA512

e9d258a294946483e95bada338208bf3aa8d9c997e49b78b2976fc29bc806908fc594487cc79f3cc0d215cc4ee1a39856dd451b6fcfb4c1bf8fba0f5f53b25d2
SSDEEP

12288:bUCmZiCxaf2Qo6F25ivReh4W6Opb9Vgi7hVf3P:1CxaeQo685ivRecc9VxhVf3

Score

10^/10

expiro backdoor

Expiro family
expiro
Expiro, m0yv
Expiro aka m0yv is a multi-functional backdoor written in C++.
backdoor expiro

Expiro payload 3 IoCs

backdoor

resource	yara_rule
behavioral1/memory/464-0-0x0000000000470000-0x0000000000504000-memory.dmp	family_expiro1
behavioral1/memory/464-1-0x0000000000400000-0x0000000000504000-memory.dmp	family_expiro1
behavioral1/memory/464-2-0x0000000000470000-0x0000000000504000-memory.dmp	family_expiro1

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d96ddeb8e4ffb7a74e2a14b2eb86a344.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_d96ddeb8e4ffb7a74e2a14b2eb86a344.exe"
1⤵
PID:464

memory/464-0-0x0000000000470000-0x0000000000504000-memory.dmp

Filesize
592KB

Download
memory/464-1-0x0000000000400000-0x0000000000504000-memory.dmp

Filesize
1.0MB

Download
memory/464-2-0x0000000000470000-0x0000000000504000-memory.dmp

Filesize
592KB

Download