Extracted

• • Target

    d6db9e8a17814f5cb4ffc703a9f7b249_JaffaCakes118

  • Size

    259KB

  • MD5

    d6db9e8a17814f5cb4ffc703a9f7b249

  • SHA1

    d00bb30464d79f7412b3cfc2c6d2449e837d4be6

  • SHA256

    62f7b3663f6458a18481ddfb4bf2e068d2b6e6442649656cca0ff34dbcea409c

  • SHA512

    ed5c9835495694445298c4d6750e8e02ca64db48d885bcc7cc529d18cd3820798517ec7b76942ac190eaa3d7332ee9ba5a2e76d7ac178a6be21278ef3a32e2ed

  • SSDEEP

    6144:BMZwOMbtofsrrXBh5b7jzyQ7YxgDvVV3la:GZwOM3f3hPzyaYGVt0

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2