General

  • Target

    bbb1d22b302dc4c04430f9caeb443860_JaffaCakes118

  • Size

    198KB

  • Sample

    240823-pg217stbkh

  • MD5

    bbb1d22b302dc4c04430f9caeb443860

  • SHA1

    94d8cdfe4ab0790952196bfc521343891c8ff25b

  • SHA256

    d02b54ecb6818a83c7a9d11d694d9ebce75587b186790c00d2a49a4038893c5b

  • SHA512

    8e8627bb0016c61e0001f603080404f952b5221d8af0b2bbad47ec9ef7c63f637124feb93faa6ff9dde6db1b3383463d49ea8d1332228817528877a9aff7e715

  • SSDEEP

    3072:ra5IHwrHptvrOhCiIC8rtLLo1D0rGIZCgzlAORRs85MmCaMwuT3gX7Zbxs3K3:ravHptIEnoV0aCCgz+ORRZ5MAp9dbIK

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      bbb1d22b302dc4c04430f9caeb443860_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks