Extracted

• • Target

    74bde0517bfaa57716a5c41ebae830d7_JaffaCakes118

  • Size

    42KB

  • MD5

    74bde0517bfaa57716a5c41ebae830d7

  • SHA1

    e86b760fec68447909840749a2dc3e902245fe33

  • SHA256

    ce52aa08c91400c68d0d265b6647996627989ec671f7069a86d47722fd54c5c9

  • SHA512

    b7ca6152c1a8b92759d02fefc4a4d4a1df1ef538646bde77539a86d78bf666384e39eddb9dd2f4205483a50eb32469ea2cc3afbfc169593c9f95e025b3cf129e

  • SSDEEP

    768:KwxuOK0HUpi+Hn3/AYTcZr9BqZXUYcyqxO9UF3ddJT5sUKE3MqpfSR4LkQKUqpgv:5FziRTsxBqZkYhSOCF3ddJ42MqpaR4Lp

  Score

  10^/10

  metasploitbackdoordefense_evasiondiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  behavioral1behavioral2