Extracted

• • Target

    82bae3fb55086f293b9dd067afe0d581_JaffaCakes118

  • Size

    208KB

  • MD5

    82bae3fb55086f293b9dd067afe0d581

  • SHA1

    2644a4254d501c2beea9059b91c7eb3c54cfe612

  • SHA256

    2ec20590cdbfd31e54b0d2fbe27da444f3a4e9b47046051b73e38a960e40fa31

  • SHA512

    65de2bb79af88bcf142dd937c61ed1a84b05afbe1786d58faf4d9604bf958e4ab164b28ff62a04034c4f166f9b3cfc170e72fc41f0da0f4108aa6289e51f857a

  • SSDEEP

    6144:O5pwTqBE1uharco8/G55AODu3rQbWnON+HWZ+GPE4:OvBEIhloug5AODkrQYONgWgGr

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2