Extracted

• • Target

    e9ae2d2fcf269a2085fd3485033f19e0_JaffaCakes118

  • Size

    62KB

  • MD5

    e9ae2d2fcf269a2085fd3485033f19e0

  • SHA1

    ea5bf775514a60ff39f61292696e95ce5b612b73

  • SHA256

    55ed6766725bb3095e7d5e5fcfe1b0fc4e1901ece9d2f9af1c011dfc80218d23

  • SHA512

    677d33bc67f2d0cb1fe89143155abc32afe2b1d503666fa5f4af414b749013701ffd536a82bfeb6955b491b58c2de22f230d90fe3593700ec973c097ebcc8260

  • SSDEEP

    768:BMCnop+6bFTgg3lfIoVDOZR7wxPoLVaZ62hS2QG+jfkeIJ5+3DmmZaB3ocFEBym:hd6hEirOZhv0ZZlQG+jnIJ5+zHeocFEn

  Score

  10^/10

  metasploitbackdoordefense_evasiondiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Impair Defenses: Safe Mode Boot

    defense_evasion

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion
  behavioral1behavioral2