Extracted

• • Target

    dd3260b2b47b442bfa9cf2e48ed1b914_JaffaCakes118

  • Size

    271KB

  • MD5

    dd3260b2b47b442bfa9cf2e48ed1b914

  • SHA1

    c58e77d25e6891626b16fe326efb7e9ccff719c4

  • SHA256

    477c9a2c6f9160b95d0c7f33c48f1f900302f8863e2fcad1ff2fb1dd9cd386f1

  • SHA512

    102d1e75b8cec4c10be8d5c11781f1a6b108ae1c1dc52c1ad13b076b9e619f76c26fd075f0834835ebfcb50996b2d3a3f88a2da7a6e6c3967141b9c2eace1925

  • SSDEEP

    6144:+CbrozvAVDa88wPqr6TK6UjlLjqBW5PNe3IKkhm:NbrozKWLoqCFKlLWk0

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2