Extracted

• • Target

    fc1707fcb742d93bf0f7808fb8d2e556_JaffaCakes118

  • Size

    596KB

  • MD5

    fc1707fcb742d93bf0f7808fb8d2e556

  • SHA1

    c0ca459a87ec8a5257108876bc8e7acf42638126

  • SHA256

    1d7cee63803dcd2695a0495e91a8a116cf57c2fcea60233ab15a3dc60d26bae1

  • SHA512

    1d37de1f777adb7b3a3ce89fa165410178c3f125de53a24f7f622f128c0ac35d94133ff0b9932a11aa6203849b964799007a6a4ddf18608726062860d2747fd7

  • SSDEEP

    6144:3f3KJtXH9d13vggfomhE2UfMxebJtgx+bqcmN9RZX5NQ3B7O:3mtNd1RQm6NKGJaxUAN5X5qx

  Score

  10^/10

  metasploitbackdoortrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2