Extracted

• • Target

    dcb0b934db547343aff49026c42f2f61_JaffaCakes118

  • Size

    361KB

  • MD5

    dcb0b934db547343aff49026c42f2f61

  • SHA1

    f2630dbf9007805df4a2bcbeafc382290db29740

  • SHA256

    bc75d20e3e1ff76883f7ea2be4d786b89fa5dbbe1657dd62c958fbceab94f5a0

  • SHA512

    74657e2f29741f3c31e1d6a6f73f4ed9d6691444042d2fbcdfe554960fd7b4568b3a73f301d81faaa62c935b9bdf36471cf0393a2daa7b9f63e516a7b1500169

  • SSDEEP

    1536:kvkcib6XuXBx3/vnbiszmOdUO/7M4S+G2a5l1:jcQ6+RxvvaDOzjMn

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2