Extracted

• • Target

    f747007de3cb01e70c1170572951cecc_JaffaCakes118

  • Size

    168KB

  • MD5

    f747007de3cb01e70c1170572951cecc

  • SHA1

    6f683e1b46bb7aa6cf4939d02fc2a8d0b2411fe5

  • SHA256

    5b3e37227741161c58a39386fc7d48013ad2d4a43b3826f1cc35d2bb40e0b44c

  • SHA512

    d1ce4370a17b1904188846e25b13487762e1228b99e312371aaf0144f87c3cb85776d8508c3e7f6b385b2d0a8c64388df0d927bc91e1e7495f3679d96c37f95a

  • SSDEEP

    3072:dIM4k11DfZS5sXm7mgD1Z+cqw6/BiuDVH3rO20ME4p80OhKdC:aG11Df/XomgT+a6/B/Zsd0goC

  Score

  10^/10

  metasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2