Extracted

• • Target

    d7b48de67ccb831c7f7affbdb3f0d036_JaffaCakes118

  • Size

    172KB

  • MD5

    d7b48de67ccb831c7f7affbdb3f0d036

  • SHA1

    f8052c9de58970c57cf64fa35fffa0c156b3515b

  • SHA256

    364b6f98b3ce4ca5591247526477a8580653ec6e61a8bd1eee09d5e678f9e31b

  • SHA512

    d5cb142de15e2bd68c8fe9ba70120661c1f7c9df5bd8ac80f4a9fd9dcf30efb1d47aa0d19641e4b7d71cea14761678eaf09a506dadd4cda6e09b53618f5a6394

  • SSDEEP

    3072:3Xi6q0Y+kC8OoxD3y4rWnyDUot9jhYTOFDjy5EW37szsbkRawiopfvE:3iTC8f1yO6yDUoDVYTzEWLsgbqaMpfc

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2