Extracted

• • Target

    677db9afd4a7dab39e559cbfcb8de21d_JaffaCakes118

  • Size

    152KB

  • MD5

    677db9afd4a7dab39e559cbfcb8de21d

  • SHA1

    ddd9249eae614e40c351f953a59f73a3c9a066a9

  • SHA256

    c246562d445a87510ca922f72562f5643774f534d87150b5ea419f33e152fd10

  • SHA512

    2a64376f0f7dcc42620ff7a41c7000f7385c95818c0771ef056720c438ea9c318f2f572052c1d0024c4ae2d17c6169a9c94de82151513d57c92ecd8123d7f92e

  • SSDEEP

    3072:Rsre8BcmZEUfhWlzDVQxLAaC61PG1Ff/y+l44P:JyESwlDVeN1S44P

  Score

  10^/10

  metasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2