expiro | 1b137a226d495f42d56cc886f682deec14132d59bd963a0a5f70f25338d82b74 | Triage

Sharing

General

Target

1b137a226d495f42d56cc886f682deec14132d59bd963a0a5f70f25338d82b74.exe
Size

560KB
Sample

250207-3kf5sstlfz
MD5

9ddf90e850d4f14356e21952e83f5e5b
SHA1

35a893647f52a20ccb0929902fe45bced5e55256
SHA256

1b137a226d495f42d56cc886f682deec14132d59bd963a0a5f70f25338d82b74
SHA512

7c05b9c85df0d56f8e0d7cab592bb44ca1b501b808dd468de1660dab4ed4db1285d10e74a0ead0db106e8355dd5d12897f8451d8e935435f3919134add800cec
SSDEEP

12288:uU21WxWIQbsXlZHzNyikxjF8tTiOyC9YZgx:5Cb6Hz0i4jFMTiOyFM

Score

10^/10

expiro backdoor discovery

Malware Config

Targets

- Target
  
  1b137a226d495f42d56cc886f682deec14132d59bd963a0a5f70f25338d82b74.exe
- Size
  
  560KB
- MD5
  
  9ddf90e850d4f14356e21952e83f5e5b
- SHA1
  
  35a893647f52a20ccb0929902fe45bced5e55256
- SHA256
  
  1b137a226d495f42d56cc886f682deec14132d59bd963a0a5f70f25338d82b74
- SHA512
  
  7c05b9c85df0d56f8e0d7cab592bb44ca1b501b808dd468de1660dab4ed4db1285d10e74a0ead0db106e8355dd5d12897f8451d8e935435f3919134add800cec
- SSDEEP
  
  12288:uU21WxWIQbsXlZHzNyikxjF8tTiOyC9YZgx:5Cb6Hz0i4jFMTiOyFM
Score

10^/10

expiro backdoor discovery
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscovery

behavioral2