Extracted

• • Target

    f2201039a561e5769e358067eb515967_JaffaCakes118

  • Size

    202KB

  • MD5

    f2201039a561e5769e358067eb515967

  • SHA1

    e09f64763149330dc566857a22b6b9d5bfb983ae

  • SHA256

    98f045d8f7daec9e2c0c899ab4780601c9968c8daab11db22bc7f0c7ea9672aa

  • SHA512

    884fdb9943af21f35251953b1a04cb56014b9fde5cc2be5cce3a14bbfa1aad6962b2bebd334c053eebf4670a2f51180701fe8e25bf4bc227d08af5d8eae4c188

  • SSDEEP

    3072:AJPbQZZ5tMT21JOGB2gTFfPIVzyU2MsZEDYRktsqRkRxjZ9xV3n0HB0MFdtKE:qPbYZoCfOlgJhUKZssqmRxC0MtKE

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2