Extracted

• • Target

    dfbc47457506f1f84d558fbbf2ed5ae8_JaffaCakes118

  • Size

    141KB

  • MD5

    dfbc47457506f1f84d558fbbf2ed5ae8

  • SHA1

    306923228a4f1f3af2e3a03446c9c29a97b8154f

  • SHA256

    20aae5039a0d9aacc4290b645af3b608c225e40d6640e8fec0170543d2d16678

  • SHA512

    5a144f8b71eaf9fdd72fbf1e0533dfe459e5e7d0ee78ad409ac72babf0b05dab52ae5d9d1ef80389b025da5c84dfa6c2d524667a826939d6ac7fc6fde8ba48d9

  • SSDEEP

    3072:YQ4XIcqkHOZpbrZ3icN5JVn23PW2IQrmequ2I5:NUIcpOZpbrZS6Z23vri

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2