Extracted

• • Target

    f4dc8053b4178a53155eb92435168800_JaffaCakes118

  • Size

    223KB

  • MD5

    f4dc8053b4178a53155eb92435168800

  • SHA1

    597f2478c4157a70e34208cd2b133327891a4083

  • SHA256

    3b9ccb135e960529460f394ba8b4732c65747dc0e2165c594c58371eccc14ed2

  • SHA512

    be4c3080082a5f0d43ed3e13a2058aa1ae490398d0ced968ac2c35b502722e6c314f484dc7b9dbd9c8a86e431a516e3de67c5dca4a168d50224ff75b1317c44c

  • SSDEEP

    6144:wV6U2fqm8ySdqpr4V9uuh2j1jJs/dA6MKjHVl:S3Qqm8ync9uuMj1jA9MW

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupxevasion

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies firewall policy service

    evasion

  • Drops file in Drivers directory

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2