Extracted

• • Target

    d81298735dcfdc5ed532cde4fdcf3c9c_JaffaCakes118

  • Size

    144KB

  • MD5

    d81298735dcfdc5ed532cde4fdcf3c9c

  • SHA1

    3b9478cf8b620ca828161b1bdac8c04e35955e52

  • SHA256

    0297a2bc918f8a927ac4be3ec6b26c63faa0de8351220dd9a1cb1bfc7227602e

  • SHA512

    e11304c188e4c3c22faf5a3e713a75bde17309e4ff49804134518edb6215ca99e2c9ac0d234c8fd73510b335c82538a0fb73763dba068eb926387894c380a7a3

  • SSDEEP

    3072:QGLmymLdfTl1paT3bbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7rFi1R:QvTU/wvP6bQ7yMP+DE827rFWR

  Score

  10^/10

  metasploitbackdoorbootkitdefense_evasiondiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2