Extracted

• • Target

    45b0a0b5687b9686b77ef623233d5633_JaffaCakes118

  • Size

    528KB

  • MD5

    45b0a0b5687b9686b77ef623233d5633

  • SHA1

    083dac3d96a935e361bc346a614843a21db6afd3

  • SHA256

    ddbe05e688ff853900f919c9ad6dd067e53b53f22528d4c7d6b659b83e5437c4

  • SHA512

    254934e1f0903b3998844582f58796670a72fc5fb657ebabe12fbcdab5696f9e205716bcf71c901fbd05cfa8d94897cfd0bbf43112599317fa92bbf3ea8fe535

  • SSDEEP

    12288:8z9ao+rHfxhTIpjGjTzNO2QLru5sRqM/Q:PpT2ajHNAq5sE/

  Score

  10^/10

  metasploitbackdoordefense_evasionpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Drops file in Drivers directory

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Impair Defenses: Safe Mode Boot

    defense_evasion

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1behavioral2