Extracted

• • Target

    946b9ddf8ffac1f1afd2c17a3764dd02_JaffaCakes118

  • Size

    168KB

  • MD5

    946b9ddf8ffac1f1afd2c17a3764dd02

  • SHA1

    6074d348d472038c6da3b479ad3d46c8a829dffe

  • SHA256

    5a206b2df16f9abcdc152e342618a2dc58fbff11fd8e2c64d80590702a437dd6

  • SHA512

    4a4abec5a119a63f713e1ebf64baba839bb1205113997ce55398da99c906b76bd1c5f9132df8ea5809f62cee6d1c53dcf8628bcff10932a9505112c71feef775

  • SSDEEP

    3072:4GEEhNJBDZ6Zi0mCdUvogGsz7rMX2sRleSsal2AsFsmzVQN6Fl/WA2RDCi+GBpmj:4GP3Z6gFI1jsz74X2sudfsmzW4Fl/Wvq

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2