General

  • Target

    ea1948163146fb253f7c28a1afe77f7b_JaffaCakes118

  • Size

    239KB

  • Sample

    240918-2j4n2axbnq

  • MD5

    ea1948163146fb253f7c28a1afe77f7b

  • SHA1

    19c07b297aa70d25de8bc83cfd80603f7abb3f58

  • SHA256

    b2ca8ddbae694c93eef254de36e749cd506d4d50962c284ee1ec7bf59492fd30

  • SHA512

    6e15a2120695831e024ad45cf72a85283b137a445d76ba9e6e7c45606af2f79931864cee481ff398bfa10bd2951c41d09618c842ccf51ececfa36179f8525364

  • SSDEEP

    6144:txCppZZ8PySTftmck9eCUaAAmlgGgUE42:txCb/af0cpCU9ArGgUO

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Modifies security service

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Network Share Discovery

      Attempts to gather information on the host network.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks