Extracted

• • Target

    dd9afd05e2588e12464f909e9eef09e3_JaffaCakes118

  • Size

    3.3MB

  • MD5

    dd9afd05e2588e12464f909e9eef09e3

  • SHA1

    015b80bd356ae110a15aeb966bf19bde654eb53f

  • SHA256

    50a60fdf160af70aff8aa7a1c3ff2d5df950221e70e630f42d7728c138f98c20

  • SHA512

    91c74e89a97b601f13e431a79a2eca3bbb5e5cbf66508ed44f28b4e1c8b507c8fce8d5de35d040480f13014602fd652e6d735f0b9b451343e761219cbbecff00

  • SSDEEP

    6144:JHaJJHw4QDiTDXXT5xYQYMfmTjgYhLrrlwnflVBK:EJHtQe1uYfWwBK

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2