Extracted

• • Target

    e189feb2abd4f0705dd9857e1ef3d011_JaffaCakes118

  • Size

    173KB

  • MD5

    e189feb2abd4f0705dd9857e1ef3d011

  • SHA1

    0bf9cdf7d76ff16330aeb500635ec6dc6c2b9fee

  • SHA256

    905d3ef8ccef644ebb75dfd2c6581e60f160f45c48690a6fd44e2a59529e9c36

  • SHA512

    de82b6baf6fcd7708919d8f34078ae9e553be9b79cdef11e3cf060a8c727e0571be6a6be4d531db94908684e46b7396c5f773e6b95cf157fed4f6328410de642

  • SSDEEP

    3072:lCH44oraCJ/+rzxc3N80h/B+chaZi+VST3c1KxIn+DoR/E6atw3kJeN46kSGJ:t4o5Q480h/MucwLc1KxI+Ehd0em7

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2