General

  • Target

    683915aad800a7595b02d3987d5f5dd7_JaffaCakes118

  • Size

    55KB

  • Sample

    240723-tcz39sxhkl

  • MD5

    683915aad800a7595b02d3987d5f5dd7

  • SHA1

    d8251674df352ebf31a158cf8877db2e65f95432

  • SHA256

    054f0946448d2ed9734b0c61d65d02d5e439ed96d8fbafa1c4f72e25a2388912

  • SHA512

    c703f52d309807118361898829e7dd2e117e6fd0088d8c86660f4e61a7f3a06e46c9cd286922d8286a3d88c54bdf9009ddadae2151a6b8f5202f0da25e5468ea

  • SSDEEP

    768:4YpwZxu6tyktlflpmS6JHSw9umEh6OZN7cgMLLclkE+7wsAr3Yznqq0NJSI7O:4IGtjt2FSEEhVZVcLc7foLqqMS7

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15