Extracted

• • Target

    a96cd4209be6d6310f4d5a5cfa12c367_JaffaCakes118

  • Size

    268KB

  • MD5

    a96cd4209be6d6310f4d5a5cfa12c367

  • SHA1

    014fe033dbaa8c1bdefa25839aaff272d34cd636

  • SHA256

    761842a404f0451189ac30415bf07d18c0957a27a17206aa2881e528666c47fc

  • SHA512

    a25e17cabf80ce0e03da228278653d69a584a711c8e297f5c55cb7cd6280d0b0492780f03604c22b2484028a8e8b7c9889036334de826d6bab171d015dff19e8

  • SSDEEP

    6144:ke3rGJPGVuO2nAJB2lzF6H/NFkakPQ+TQtgHRbbNsBV:ke765O2mIoHlSaWGA/NsB

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2