Extracted

• • Target

    f753e71596e634cd0e7b2a8c4a4de154_JaffaCakes118

  • Size

    97KB

  • MD5

    f753e71596e634cd0e7b2a8c4a4de154

  • SHA1

    2bd42f05e910133a69a81bc789190a77b0010069

  • SHA256

    7b39735eab37ce2c500e6d5c875741995688ccdfe94fdcf020d8ecf28bf5e749

  • SHA512

    eace9d5c36316ae15333560c0dff5d12afde984665f19307ed20696f506226692520259a11740001703a9317519eda256829e1f0ff031aa408e227387a09f907

  • SSDEEP

    1536:rvbeN7i4ri12Lstf4LS/p4Yc8p/5C5wown6g6Syu7TYWZKMoF:rSlfScLw4Ns/4OaTugXF

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2