expiro | ae65285601c6ff79cdbb20ba22cd67974f4f63fd1912fe2ce8136cc2f250a740 | Triage

Sharing

General

Target

ae65285601c6ff79cdbb20ba22cd67974f4f63fd1912fe2ce8136cc2f250a740N.exe
Size

560KB
Sample

250208-erjbqsvkaw
MD5

67361afdf7f8e4064dfe88eb828f94b0
SHA1

3eb9553078646ef02508664e8e0e50579fd7718b
SHA256

ae65285601c6ff79cdbb20ba22cd67974f4f63fd1912fe2ce8136cc2f250a740
SHA512

a79e6f520bd050a2b96bef81ead21453adc8be9c66fe2a6dd5f3360c5983f67e340067e985ee57b2ee01eb3ab60e7f4ea3dd7b076e6d770c18ac82dd26cacbc5
SSDEEP

12288:uU21WxWIQbsXlZHzNyikxjF8tTiOyC9YZg:5Cb6Hz0i4jFMTiOyF

Score

10^/10

expiro backdoor discovery

Malware Config

Targets

- Target
  
  ae65285601c6ff79cdbb20ba22cd67974f4f63fd1912fe2ce8136cc2f250a740N.exe
- Size
  
  560KB
- MD5
  
  67361afdf7f8e4064dfe88eb828f94b0
- SHA1
  
  3eb9553078646ef02508664e8e0e50579fd7718b
- SHA256
  
  ae65285601c6ff79cdbb20ba22cd67974f4f63fd1912fe2ce8136cc2f250a740
- SHA512
  
  a79e6f520bd050a2b96bef81ead21453adc8be9c66fe2a6dd5f3360c5983f67e340067e985ee57b2ee01eb3ab60e7f4ea3dd7b076e6d770c18ac82dd26cacbc5
- SSDEEP
  
  12288:uU21WxWIQbsXlZHzNyikxjF8tTiOyC9YZg:5Cb6Hz0i4jFMTiOyF
Score

10^/10

expiro backdoor discovery
- Expiro family
  expiro
- Expiro, m0yv
  Expiro aka m0yv is a multi-functional backdoor written in C++.
  backdoor expiro
- Expiro payload
  backdoor
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

expirobackdoordiscovery

behavioral2