Extracted

• • Target

    e292013659dfe912e09b363391f6ff4f_JaffaCakes118

  • Size

    319KB

  • MD5

    e292013659dfe912e09b363391f6ff4f

  • SHA1

    b122e028455dda9b532fa54b59b64fa6a4ac0fa0

  • SHA256

    3dcd13dcc17390d33b0b323eacf586523fda662a8f19f20b68a49702f3461640

  • SHA512

    ed72b69c23b8ac9815f5776d2f086ed6b54529583ae1eb7c86b0aeac134f660b46b10c8a6f26dc3dd6a623b19cbba8a63b5b79b7e5be34591c70d024fb058e22

  • SSDEEP

    6144:NT6GAxmPR9rgWa1/HBXx7IXSjw5+Q9qeVfxq4LcpOtReboZ:NtzVdW/Bh7ysw+Q9qe/vU4ebK

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2