General

  • Target

    a90c9611e9628737275d0500ac66829e_JaffaCakes118

  • Size

    277KB

  • Sample

    240819-bygjyazfmj

  • MD5

    a90c9611e9628737275d0500ac66829e

  • SHA1

    552870733c915b4916aef1b5658d18000545103b

  • SHA256

    661afd2166a460e2132dd93e3110e1c358d5577a2513dd11a16cf802809e7df6

  • SHA512

    dd7e02eff459c6ca9c7d1a2529346f4887c34e877efa45424d758b7eb6444bbd07b4c8330c78b33d75c2a58e15e4526d31957ec0c08bb3d7695a936958b8e64d

  • SSDEEP

    6144:3IKN1rzAEeMljHQvhHSbFv7WVydI36GGUttGAt9KoPjRv:Yi/svhHwcgeDGgMMRjh

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      a90c9611e9628737275d0500ac66829e_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks