Extracted

• • Target

    8bb0de12653c79c491ccd88cbd4d9c38_JaffaCakes118

  • Size

    244KB

  • MD5

    8bb0de12653c79c491ccd88cbd4d9c38

  • SHA1

    e0b1562e1f8846a7c3198d1490b1c275234d60bf

  • SHA256

    ed9fd821b1dfadc00cf953619b290b0f8e2c4f49195c365129365130aa8f2453

  • SHA512

    49c221a5afd5f6089cd9dea8a816a89f6b6df6eb79646c084f2811aaf971c94b07649e83404f9da03000f09533f490d07cb6c64dc795695db66666f206dc8144

  • SSDEEP

    6144:ubNgxYPVpzzN8aYFrPAQk42rpptCjI5y+WFEpQQ:ubNg2VdyFpd2rntCjIVW

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2