Extracted

Extracted

• • Target

    d39fccd98f2225bba9db7ba4636ceef3_JaffaCakes118

  • Size

    318KB

  • MD5

    d39fccd98f2225bba9db7ba4636ceef3

  • SHA1

    a333cbb04d50cc455c2084933b21bbb2ef370a4f

  • SHA256

    f2ca01177834859fa2f60bc1d060949ea88c15e38aa2de021f16dfdcea804724

  • SHA512

    e8d8c36f30f0072db21ed2a7c1e3cc4c0301b83d8348d1f474fac9e2228a1666c548da2bca1c8d539dac0cfaf09422659df3a62cb9b2e02876794773b132b0f3

  • SSDEEP

    6144:wtNb6TiU8liKNKCkC2Uus2czyD6FOWqxVyliAy7O6KLRvv7D:wtN+PznJTfc+mjpU/OtpD

  Score

  10^/10

  metasploitbackdoordiscoveryexecutiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  behavioral1behavioral2