Extracted

• • Target

    f229b1a16bcfb54da9ab0f8ebf867893_JaffaCakes118

  • Size

    275KB

  • MD5

    f229b1a16bcfb54da9ab0f8ebf867893

  • SHA1

    0cef6a5f6f8556a21ec0178939f751a83aaef142

  • SHA256

    d8cdbcc8242341bbe31abf95d03323ede43b1b42918151b76a0eb2acf9987779

  • SHA512

    c5e26bd3b7d826513cba42321209f0e8d7b387e7202db6e425fdbf57747182115bed21005b91bfd690f6b3b8fc3437cc1066e8ee225dabb71ef7bcafbcd7c081

  • SSDEEP

    6144:doW592yiazyh4aabRqnzIp4mysBGi0q+vU52dXLt4E:GeLQhsnpKQuqOXLtz

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2