Extracted

• • Target

    8f9ef0f010a95e55bd3b05937cc82a0f_JaffaCakes118

  • Size

    227KB

  • MD5

    8f9ef0f010a95e55bd3b05937cc82a0f

  • SHA1

    9fb4d985eefbcb5d53f010e24aee392f5073e590

  • SHA256

    1559d716850009fc107e3c3df913b205f94083c8e2401f7741c4b880af9ed019

  • SHA512

    98e6186b87f945cf96ec8e0c1d88bb481bd9f79bd418e8474afd699a4bccf088577e76e04291a278a672b03c2f36a946269431615de7e10cc1644c2ad1e5ba7d

  • SSDEEP

    3072:V2LhpTH2bSRLhtw7f46C7SAkqPx4XoHuxHcacMYMjCFvGnuq0:8VpTWb6LCfDhXoHux80CFT

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2