Extracted

• • Target

    d310330ef13f8869ea1701800008ffc0_JaffaCakes118

  • Size

    113KB

  • MD5

    d310330ef13f8869ea1701800008ffc0

  • SHA1

    abdfeba5fe5046006437b8352373dbdee2e25120

  • SHA256

    58ebbbd18b52a2575838b6c49c76bf3c1e470f24eea505f47a7e65fde555ff68

  • SHA512

    1d6568a83949594c2b1338f13e2a5b95609248e51ae629572a5a2c976fbf73ee9f55d7c3697cb2ddfbf62154c72847fef4e65cdbf529e3264439a4bbc964f1d1

  • SSDEEP

    3072:GmmboOJbFdgqt8pCRGy9XqYgqXubbaZ90v5NpXIo:u0OJbFqqOiGyBgqXuvL

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2