General

  • Target

    c8ec2fb45b60af2cea321f09acf4255c_JaffaCakes118

  • Size

    271KB

  • Sample

    240829-qwvq4sthnf

  • MD5

    c8ec2fb45b60af2cea321f09acf4255c

  • SHA1

    af36ba3873a9fbebfb45df930df890ebebd0b587

  • SHA256

    4660abc2b8702dbb0ab46a353f0ecbe1f63df8cd672875d07c8e55701000f80a

  • SHA512

    304330987f48c1dbb7c705f03bbb842e704ced265730c7a5b6276980677747efdd24b222faa1a7668188c02b6016c245cd7a329f18637f35997bcfcf2f2157df

  • SSDEEP

    3072:YQE5xjTRHaxSxzzmACoHEH8MMR6Fek+/ph63LBMaOVDZ34h9kWZhPn97VSNLD:YdnjTRH5dacDd/76FzOBhC9kitd81

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      c8ec2fb45b60af2cea321f09acf4255c_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
