Extracted

• • Target

    d70bbffde1f96f0d0afc95c46e6847f7_JaffaCakes118

  • Size

    170KB

  • MD5

    d70bbffde1f96f0d0afc95c46e6847f7

  • SHA1

    bdcbdda140a2c5e860d2e49ddd174f34aaa37cef

  • SHA256

    4c2b68261c4bbd54a019852de5495f6791afe4a79b8a51f9e41a0515e4be2ad7

  • SHA512

    114e7e75c36edf741fc8e624a5649ec4b37610408787608bbcc83a251e494aae081f3e836b8f20908ef6456d86ffa104b561c633e4db8c9066b88513f279d689

  • SSDEEP

    3072:P2+45HYgeH+0toWf4V/FqiQPpurbv/5u+8KxpyrW4349pwXIb20GOZ3+28:OYg6f4V/FqiQPpCbvxu+dLr4WpE02lOE

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2