General

  • Target

    d3cccef760b16a7e43adf4b21549de94_JaffaCakes118

  • Size

    113KB

  • Sample

    240908-hsqnzsvcnb

  • MD5

    d3cccef760b16a7e43adf4b21549de94

  • SHA1

    844f9b7489578e74268fb66b7090ee9f9c24dc36

  • SHA256

    8bda584b13deaa84c675aaec1625e02c0784a23ae00a55b3be7bead0d1459d71

  • SHA512

    fcb736975e4177850e1458a0c88a74e758fa2ea2e4f1814111a481dc91df0f0b04b45e6bd6a109fd658f508091a199ef1c12e7eece18ddecea0cd407cc0d8689

  • SSDEEP

    1536:GQ5+RW7xnn9v1zdQemrkGxyrTu9qe3i4MmgjEOXANQVrk0IzetC4H4bbqh+:4RW2gGxyrTu9qe3i4Mm4bk0IzecqM

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks