Extracted

• • Target

    e525b065c1597c8cea805c4b6d47ba0c_JaffaCakes118

  • Size

    125KB

  • MD5

    e525b065c1597c8cea805c4b6d47ba0c

  • SHA1

    6532616d43504ad8024e6413372d24f47a07014e

  • SHA256

    8bf34df617821470cb2041374eb5933a38d6a46c1880d611e153f2e422b3eeac

  • SHA512

    6e6ebc889eccbe0008cec85a445f2fc20668185264fe26224b6d85bde278f5dc19f2cc1a38df0bd1a86f7b3d1ec2cc6dc9f4cff0456fc2fc67094b2e7450cd3d

  • SSDEEP

    3072:XrFVrY0G5DycvwgTjo9oYkOU0XIj9xGX8/oJcdOx4byqout:70FwguRXJXeI0WqoS

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2