Extracted

• • Target

    4e0e190eb8c9ec60710c13e5debd938b_JaffaCakes118

  • Size

    204KB

  • MD5

    4e0e190eb8c9ec60710c13e5debd938b

  • SHA1

    66f4bcf5ce90e7cb65da99470a3d77861c9bce00

  • SHA256

    ffec84420df66d859693f437168673c87d2a0dd85becf14069431c11fad10972

  • SHA512

    8eaea336ac4fa1599c61fb5c9c7354047b6bb1656d63c2c817b24c4fca968cdbc670ee6b3fe45ba51d7da7b86ad1e0286be2990f7a1d345aa673a88d4d6efd50

  • SSDEEP

    6144:tLEffXH2P822Gbo/2nUvmmUL3poS78WGdBP6cL:tyf88dGbXNr3p57IdBP6cL

  Score

  10^/10

  metasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2