General

  • Target

    dd83605df83306788faeba72af32e1ad_JaffaCakes118

  • Size

    157KB

  • Sample

    240913-c9k7yazdpr

  • MD5

    dd83605df83306788faeba72af32e1ad

  • SHA1

    d945ee5d353c56f727459bdae89eab0b8c59c6f2

  • SHA256

    85c9d1f72e27b4328d66d9eb34d5ca0e19219d39f5980c6dc4a4bd1c0be86f8b

  • SHA512

    bf4f5907a645cd9d1c74d391a7562e0160df2ac617633bee518a18ecb0a7f0b0682a952ee49d751ead334c6d1f58e77ce31540696143c6a15eff0f1ac706aec3

  • SSDEEP

    3072:ZJvo9Uul5Wtpm/2jabEzCJmJcN7VCj7cAnXPduXwvS4zSB1HLm1:ZJvomYWDsXbEzCJmJcN7VCXcAVumfqFy

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15