Extracted

• • Target

    8e3fe199d259c7805e0564e7b9b127f0_JaffaCakes118

  • Size

    197KB

  • MD5

    8e3fe199d259c7805e0564e7b9b127f0

  • SHA1

    e1d5c290cbe2f06505c193f18a459f4293dbff2f

  • SHA256

    d2d8990e4498c6060bb5f1d28a8e303d38cf7381a1faae610083f5f5a4cee988

  • SHA512

    b9087d10c442243abe6f7dc2a2f873d55aabd27fc1594e18d898f22cef14703b1d2d5b5a24c66ed4b130f4af236e902ad44ed0e1623e64f2c408cc1f679e10a9

  • SSDEEP

    3072:6EA6iln4jXG84UhG4NXb+83ty/rpvmkc/cc+WPRwrAPO+BpVOygZR8Nleynex5px:6hzii12HtAmr+ERwrA2AOymaznnACho

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2