General

  • Target

    f7bd4d033dc8ad8abb92bad71742943d_JaffaCakes118

  • Size

    272KB

  • Sample

    240926-gxhcqsvbna

  • MD5

    f7bd4d033dc8ad8abb92bad71742943d

  • SHA1

    77009159058e8af7dbc8abf13be1e20cf1c846fe

  • SHA256

    29c8f46c98fb0e7415f14e50e98089ce0d01e3d0254734ca1fe0f193a225eb4a

  • SHA512

    499617fe7596777469ec6c652b84c4a881728a68811637f8ecb57cda18bf3b73b5f460289f5bb30bf473fa45e8d6753a55a5bc77c9b3921a013ef71b17d1b51a

  • SSDEEP

    6144:pyAj0KReO5yu54tJdJ0G1+78wY7Dsqp0JdGm52nHNTUq9:pyABeLtJ7F1PwY7SynN

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      f7bd4d033dc8ad8abb92bad71742943d_JaffaCakes118

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory
