General

  • Target

    df12f62ba1ae1cf9a624572dc3f8f10d_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240913-27ve9svepg

  • MD5

    df12f62ba1ae1cf9a624572dc3f8f10d

  • SHA1

    b80f622e76ba090a10c8bb7438877003acb249e0

  • SHA256

    348ed02a9d00847bed951010c7af7cb9e0fdb41fcddb779e7e760cc251e346a2

  • SHA512

    ff6205052c0d9a49ec361742982f6d50f22dce42549f289ec4241ee54cff80f043cd6091cd07c6ed5cff5e708f26692621eedc9c17c5fd2e607e2970e730b088

  • SSDEEP

    49152:uUy4m9mg9uJBMODTSVBGxYWWiwHIeGg4r05iPr0kfYhlOd:u5RAwuJpTSVIYWWiwH9Gg4r05iPdmOd

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov
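The extracted config names Metasploit's x86 fnstenv_mov encoder. Its decoder stub finds its own address with the fldz; fnstenv [esp-0xc]; pop trick (fnstenv stores the 28-byte FPU environment, whose saved FPU instruction pointer sits at offset 12, so storing it at esp-12 leaves the address of the fldz at [esp]) and then XORs the payload dword by dword with a static key. The following added example (written for this page; not code from the sandbox or from Metasploit) models that mechanism: it assembles a stub of an assumed layout modelled on the Metasploit decoder (the exact byte offsets are ours, computed for self-consistency, and are not claimed to match Metasploit byte for byte), encodes a constructed stand-in payload, finds the GetPC prologue that static signatures anchor on, and recovers the payload by emulating the stub's own xor/add/loop sequence rather than assuming where the body starts.

```python
import struct

# fldz ; fnstenv [esp-0xc] : the GetPC prologue of Metasploit's fnstenv-based
# x86 encoders. fnstenv writes the 28-byte FPU environment; the saved FPU
# instruction pointer is at offset 12 of that image, so a store at esp-12 puts
# the address of the last executed FPU instruction (the fldz) at [esp], and the
# following `pop` fetches it. This 6-byte sequence is what signatures match on.
GETPC = bytes.fromhex("d9eed97424f4")


def build_stub(key: int, dword_count: int) -> bytes:
    """Assemble a fnstenv/mov style decoder stub. Assumed layout (modelled on
    the Metasploit decoder, offsets are our own):
        fldz; fnstenv [esp-0xc]; pop ebx      ; ebx = address of fldz
        xor ecx, ecx; mov cl, count
      loop_top:
        xor dword [ebx+disp8], key            ; disp8 = stub length
        sub ebx, -4                           ; ebx += 4 without a NUL byte
        loop loop_top
    """
    if not 1 <= dword_count <= 0xFF:
        raise ValueError("mov cl, imm8 limits the stub to 255 dwords")
    head = GETPC + b"\x5b" + b"\x31\xc9" + b"\xb1" + bytes([dword_count])
    loop_top = len(head)                          # 11
    stub_len = loop_top + 7 + 3 + 2               # xor(7) + sub(3) + loop(2) = 23
    xor = b"\x81\x73" + bytes([stub_len]) + struct.pack("<I", key)
    sub = b"\x83\xeb\xfc"
    loop = b"\xe2" + struct.pack("<b", loop_top - stub_len)  # rel8 from next insn
    return head + xor + sub + loop


def encode(payload: bytes, key: int) -> bytes:
    """Pad to a dword boundary, XOR each dword with the static key, prepend stub."""
    padded = payload + b"\x90" * (-len(payload) % 4)
    body = b"".join(
        struct.pack("<I", struct.unpack("<I", padded[i:i + 4])[0] ^ key)
        for i in range(0, len(padded), 4)
    )
    return build_stub(key, len(padded) // 4) + body


def find_getpc(blob: bytes) -> list:
    """Offsets of every fldz; fnstenv [esp-0xc] prologue in blob."""
    hits, start = [], 0
    while (i := blob.find(GETPC, start)) != -1:
        hits.append(i)
        start = i + 1
    return hits


def decode(blob: bytes, stub_at: int) -> bytes:
    """Emulate the stub at stub_at: read count and key from its operands, then
    run the xor / sub ebx,-4 / loop sequence over a copy of the buffer."""
    buf = bytearray(blob)
    if buf[stub_at:stub_at + len(GETPC)] != GETPC:
        raise ValueError("no fnstenv GetPC prologue at that offset")
    p = stub_at + len(GETPC) + 1 + 2          # skip pop ebx ; xor ecx,ecx
    if buf[p] != 0xB1:
        raise ValueError("unexpected stub: mov cl, imm8 not found")
    count = buf[p + 1]
    p += 2
    if buf[p:p + 2] != b"\x81\x73":
        raise ValueError("unexpected stub: xor dword [ebx+disp8], imm32 not found")
    disp = buf[p + 2]
    key = struct.unpack("<I", buf[p + 3:p + 7])[0]
    ebx = stub_at                             # pop ebx -> address of the fldz
    for _ in range(count):
        at = ebx + disp
        (v,) = struct.unpack("<I", buf[at:at + 4])
        buf[at:at + 4] = struct.pack("<I", v ^ key)
        ebx += 4
    body = stub_at + disp
    return bytes(buf[body:body + 4 * count])


if __name__ == "__main__":
    sample = b"CALC.EXE\x00"       # constructed stand-in, not real shellcode
    blob = encode(sample, 0xDEADBEEF)
    print(find_getpc(blob), decode(blob, 0))
```

The prologue alone is only a weak indicator: fldz/fnstenv GetPC is shared by several Metasploit encoders and by hand-written shellcode, so a verdict such as the one on this page should come from decoding and recognising the payload behind it, as decode() does here, rather than from the six bytes by themselves.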

Targets

    • Target

      df12f62ba1ae1cf9a624572dc3f8f10d_JaffaCakes118

    • Size

      1.8MB

    • MD5

      df12f62ba1ae1cf9a624572dc3f8f10d

    • SHA1

      b80f622e76ba090a10c8bb7438877003acb249e0

    • SHA256

      348ed02a9d00847bed951010c7af7cb9e0fdb41fcddb779e7e760cc251e346a2

    • SHA512

      ff6205052c0d9a49ec361742982f6d50f22dce42549f289ec4241ee54cff80f043cd6091cd07c6ed5cff5e708f26692621eedc9c17c5fd2e607e2970e730b088

    • SSDEEP

      49152:uUy4m9mg9uJBMODTSVBGxYWWiwHIeGg4r05iPr0kfYhlOd:u5RAwuJpTSVIYWWiwH9Gg4r05iPdmOd

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (the sample may refuse to run in certain locales).

    • Executes dropped EXE

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Drops file in System32 directory
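The "Checks computer location settings" signature above is based on registry reads of the user's configured country. On Windows that configuration lives under Control Panel\International in the user hive (Geo\Nation holds the GeoID, iCountry the telephone country code, LocaleName and sCountry the locale and country names). The added example below (written for this page; not code from the sandbox or from the sample) runs that check over constructed registry-access log lines in a made-up format, normalising HKCU, HKEY_CURRENT_USER and HKEY_USERS\<SID> so a read through the user's SID path is not missed.

```python
import re

# Values under the user hive that reveal the configured country (assumed
# complete enough for a triage rule; add to it as needed). Paths are lowercase,
# relative to the user hive, and end with the value name.
LOCALE_VALUES = {
    r"control panel\international\geo\nation": "GeoID (decimal country id)",
    r"control panel\international\icountry": "telephone country code",
    r"control panel\international\localename": "user locale name",
    r"control panel\international\scountry": "country display name",
}

# Constructed log format for this example: one registry API call per line.
LOG_RE = re.compile(
    r'^(?P<ts>\S+ \S+) pid=(?P<pid>\d+) (?P<api>\w+) '
    r'key="(?P<key>[^"]*)" value="(?P<value>[^"]*)"'
)

# HKCU, HKEY_CURRENT_USER, and HKU\S-1-5-21-... / HKEY_USERS\S-1-5-21-... all
# name the same user hive; strip whichever prefix was logged.
USER_HIVE_RE = re.compile(
    r"^(?:hkcu|hkey_current_user|(?:hku|hkey_users)\\s-1-5-21-[0-9-]+)\\", re.I
)

# Constructed sample lines: two locale lookups and two unrelated reads.
SAMPLE_LOG = (
    '2024-09-13 12:00:01 pid=4120 RegQueryValueExW key="HKCU\\Control Panel\\International\\Geo" value="Nation"\n'
    '2024-09-13 12:00:01 pid=4120 RegQueryValueExW key="HKEY_USERS\\S-1-5-21-1111-2222-3333-1001\\Control Panel\\International" value="iCountry"\n'
    '2024-09-13 12:00:02 pid=4120 RegQueryValueExW key="HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" value="ProductName"\n'
    '2024-09-13 12:00:02 pid=4120 RegQueryValueExW key="HKCU\\Software\\Classes\\Local Settings" value="MuiCache"\n'
)


def _user_relative(key: str):
    """Return the key path relative to the user hive (lowercased), or None if
    the key is not in the user hive at all."""
    m = USER_HIVE_RE.match(key)
    return key[m.end():].lower() if m else None


def flag_locale_lookups(log_text: str) -> list:
    """Return one record per registry value read that reveals the configured
    country: {'pid', 'path', 'meaning'}."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not m["api"].startswith("RegQueryValueEx"):
            continue
        rel = _user_relative(m["key"])
        if rel is None:
            continue
        path = rel + "\\" + m["value"].lower()
        meaning = LOCALE_VALUES.get(path)
        if meaning:
            hits.append({"pid": int(m["pid"]), "path": path, "meaning": meaning})
    return hits


if __name__ == "__main__":
    for hit in flag_locale_lookups(SAMPLE_LOG):
        print(hit)
```

A single read of these values is common in benign software too (installers and localised applications query them), so the signature is a weak indicator on its own; it becomes meaningful when the read is followed by an early exit or a behaviour change, which is what the sandbox's "likely geofence" wording is hinting at.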

MITRE ATT&CK Enterprise v15

Tasks