General

  • Target

    e5715f682d3b1a90db5d7cd4fe571b71_JaffaCakes118

  • Size

    275KB

  • Sample

    240916-x3wqbavhlh

  • MD5

    e5715f682d3b1a90db5d7cd4fe571b71

  • SHA1

    802f3604f79f27408e370e42eb18afaba302ba15

  • SHA256

    52e65fa9e8e204eac9a6f61c3b4ceb428ba7fbcc9e604a0645096de69fccc6c3

  • SHA512

    8459f9b214c18cc1a47624a5e77457c108098ceeca8cabc3e5af9df9ce9c1ed884a1cd61be139873118115969ca2b102a9d76e67f0472d216fdb300fe4ad14c4

  • SSDEEP

    6144:cFlDby9XWrnblDonFoKj9+hKwf/E7x4QMJgSW:c3NqPkhKwGx4FFW

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • Target

      e5715f682d3b1a90db5d7cd4fe571b71_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks