Extracted

• • Target

    ef687378b284cacb06528aa6fc23b523_JaffaCakes118

  • Size

    168KB

  • MD5

    ef687378b284cacb06528aa6fc23b523

  • SHA1

    0d15d41b0b18301beaede43c7d700cf8d72a6e0d

  • SHA256

    0288588d2d906a7875565e96f81b14c86b81e63e106cacae9fbfc47c310c22cc

  • SHA512

    655cd31f66abfdffceb9624fda258cc86393c99a4cdd22693e35f9e6ae07d7bda805e235cd14f5e21227eb9959aa3490e5aed1618e4a6901c245f2f626929f1c

  • SSDEEP

    3072:u6ODXSCl5XCqPpdKdnq2bqv/vUq/bBSRWkHdADOGM8kee+WJEY7X:iSNqKg2bqv/vUCkR9HdADIx7X

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2