Extracted

• • Target

    8d46fc841330aac1e5160ef5b6bb578e_JaffaCakes118

  • Size

    165KB

  • MD5

    8d46fc841330aac1e5160ef5b6bb578e

  • SHA1

    f6706ea004e5377cb82a9c7dbe4cc44f9c5410c5

  • SHA256

    fb9f72e4cb7d4c84593d62fa790c9bdd357ae374c6ea020794314799f23b55bd

  • SHA512

    14d65d29fbf5bdcefbf08537660e74d7f8b971bf49a50584c1d50aa71c7c04215e43028d0c0a95e31826797fc67437df25deb006cdf7646f2d734a01df241ff7

  • SSDEEP

    3072:jae94oFhaaOEFuYvRU//3y5aX3jFI/s8QAXjVKiPD0EMvE9YWoL4V3NXMto:Vlja8FuYq3i5k5+sRAzRr0EMGYlsjEo

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2