Extracted

• • Target

    a0da183af947d9e62b435e05d15d97d4_JaffaCakes118

  • Size

    209KB

  • MD5

    a0da183af947d9e62b435e05d15d97d4

  • SHA1

    30db1357a072883c229cf2aa813c2fe292af59b5

  • SHA256

    dea811627df694d01817f07dec52a31f94e56c8a150aea698fad9eeef765c183

  • SHA512

    fb632680f6b367cfc73650e293ee2a5b2753d99f045e75b5259bcfce2e5d6a3e036d67aaac37f63b206e013022dd338efb117f56d46ee176f3cd2e5aaadbc44d

  • SSDEEP

    3072:Ws5kNxD/sxrstAEHjCfp4ondOhK2bCX+kNNlPR49aauarnSM34tPdudPR:Ws5QxD/sA9H6Vndkp8fauaeMotVuhR

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2