Extracted

• • Target

    d6e0f910f6dc906f6055af025b2ac200_JaffaCakes118

  • Size

    160KB

  • MD5

    d6e0f910f6dc906f6055af025b2ac200

  • SHA1

    f6a2b1dc32defba4d19cf6b4411c564b8c775060

  • SHA256

    2739685adca05cfa408b1f53f18e2aa4a410351faf26016ccb98feeb18f0c69c

  • SHA512

    1203962dd7d08e242c462fbf836d0dc22718874d36370a5b31d486a43e412c64ae9626b6a7a5772944ad053645d075b84a2c2f91347fffb75aa87f0efa1f45a5

  • SSDEEP

    3072:u2GtnZTaLPEXPyr8D1PHGvKxIYc4UCo7lYgCc1qRLHWKs:uRZIGKr8D1PdxIz4UCylZgdHW3

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2