General

  • Target

    447018747bb1d4d1428075608440ad52_JaffaCakes118

  • Size

    202KB

  • Sample

    240714-ft6qgsxerk

  • MD5

    447018747bb1d4d1428075608440ad52

  • SHA1

    73fc3ed65261e5f8455d03ff63b12d0e72833d0c

  • SHA256

    8328c10e0d2bffa1fd91956b47549f89b27ee560ceaa622b3ff4a205b31b4f33

  • SHA512

    02cb15d85a939c521e8de4ef6989f4704c421f2351cbc20d48f81f4b432d673e7ee2bead3e56d59448c203f7292e14e0cf1a27100aa46169600a4b4df4188605

  • SSDEEP

    6144:/S+Fau0KN3GvqCkwNj0iIinvXhNNlTxTcIOK:/FUkNTCHjhIWNNTca

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      447018747bb1d4d1428075608440ad52_JaffaCakes118

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15