Extracted

• • Target

    dc60397a30f6289a22f2acd6622f566b_JaffaCakes118

  • Size

    272KB

  • MD5

    dc60397a30f6289a22f2acd6622f566b

  • SHA1

    c5f35c53d06066802365df7cb76631c08c971cb4

  • SHA256

    5a829175ac0891f802f73e4c3a826e00455f38917bd726e582fbe0ac7cd7f549

  • SHA512

    fb506d19c96fa35b23295f80c957cd2268d6088176609267132c4a02b2a922a4e870a446304f7e15d0952639b881c0c0dc723eea28d72e56adeb8113a26688be

  • SSDEEP

    6144:7X96kBHAS267CRsYYVdN7abzblMolk5S78+VnfBY:73tASIsjN7e/aG8qpY

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2