Extracted

• • Target

    e20a2e09c3050c02b1bd800a06f7b2ef_JaffaCakes118

  • Size

    168KB

  • MD5

    e20a2e09c3050c02b1bd800a06f7b2ef

  • SHA1

    63218ed0508f58e6249ebeb567bd36898c02fa8b

  • SHA256

    a5194d524d6873a0c9b353153e9d73b16022567224a09f46d9ccbf251cf6c8ac

  • SHA512

    581f1276a853cc9277ce20202cd78ae2f33c4802ce0d07cf964e397a8955ab49d9a23faacf66a96387b57040221dc1bfbf1bc09c7e85fa9b5cf04a9b288e8d84

  • SSDEEP

    3072:o194BB9ZN91eRHm02Voe//OH+PHfvCvC:Yubj4RH2VokfHC

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2