Extracted

• • Target

    9e78ebe8bb3d0358b724ebeef918fbb5_JaffaCakes118

  • Size

    187KB

  • MD5

    9e78ebe8bb3d0358b724ebeef918fbb5

  • SHA1

    f4fbdf8ab4685ebc01cd60845e2be1342a4e729e

  • SHA256

    f45d79d013ad4afe9703bfd29cc2aa2ffb8b974db59dd6434313663ddc8ef779

  • SHA512

    0fc5e8313099aa5c0fdd0660e7e74fcd2a7810d888a1280e70cd2477f863a22d54ba55e16c7bbe15ce0574a4a3509dc81d588a0c535ccb6453eb6971da2b32a6

  • SSDEEP

    3072:LF1XKTKRJ+/AgikuhfTsYBM4GcC2ACpzCXxU+Prgbx+FuB:rXKT4fwyMRcC2PpzixXQxZ

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2