Extracted

• • Target

    f00baabf8122e16ad0c5079b60918719_JaffaCakes118

  • Size

    283KB

  • MD5

    f00baabf8122e16ad0c5079b60918719

  • SHA1

    fa8543686e1573a3da3f6b9ec6fdcfec7322d8a2

  • SHA256

    9957cfb9735efb329a3a9d52b96f7a264b1554c54c0fdc74f747eb1e4f0af56f

  • SHA512

    49334be051ad4a70c10b458de990bba748adf85afd83b858727a35b6d964ef2923850771e7c40b4ad7c7f04ad8db509b447ea740a7b34a266c8d22edff8fec24

  • SSDEEP

    6144:eGLT1YfCeK2zIqqDELanQSrOuyXmEpMsbtzVByh7fVP3:efBtMqqgomu4mEpM2tDyp9/

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupxevasion

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies firewall policy service

    evasion

  • Drops file in Drivers directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2