General

  • Target

    998ef41b461ae6df7b693edeb2f0195b_JaffaCakes118

  • Size

    72KB

  • Sample

    241125-ger48axnam

  • MD5

    998ef41b461ae6df7b693edeb2f0195b

  • SHA1

    f2371c4f1f8b1440ed5aeeb8a00331f99fafd441

  • SHA256

    e9ecd4e258e73da46b26c75aa573976fc2a512e110c03cc4bc9c4ec3534f75fb

  • SHA512

    96d09c04d950ee88634cc027e79e44408c8471c17b493ef152217b0aefc9c8df592079e76f92b23e419ba04a2d066e51f5679f7f6d789f6dca76c63c4e9527a4

  • SSDEEP

    768:VVQUovJOWTX4v0kuKRlnM6WFwcs8F3q72IT0Jr+qDKpIT7ytckSNdxM4tQ:VVM9kZPeFwZ8F3qvwJrme3ytrcdm4t

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Targets

    • Target

      998ef41b461ae6df7b693edeb2f0195b_JaffaCakes118

    • Size

      72KB

    • MD5

      998ef41b461ae6df7b693edeb2f0195b

    • SHA1

      f2371c4f1f8b1440ed5aeeb8a00331f99fafd441

    • SHA256

      e9ecd4e258e73da46b26c75aa573976fc2a512e110c03cc4bc9c4ec3534f75fb

    • SHA512

      96d09c04d950ee88634cc027e79e44408c8471c17b493ef152217b0aefc9c8df592079e76f92b23e419ba04a2d066e51f5679f7f6d789f6dca76c63c4e9527a4

    • SSDEEP

      768:VVQUovJOWTX4v0kuKRlnM6WFwcs8F3q72IT0Jr+qDKpIT7ytckSNdxM4tQ:VVM9kZPeFwZ8F3qvwJrme3ytrcdm4t

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory
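The extracted config above attributes the payload to the Metasploit fnstenv_mov encoder. That encoder, like shikata_ga_nai, locates itself at runtime with the fnstenv GetPC trick: an FPU instruction is executed, fnstenv [esp-0xc] dumps the FPU environment so that the saved FPU instruction pointer lands at [esp], and a pop recovers the address of that FPU instruction. The following is an added example (not code from this report or from the Metasploit project): a scanner for that GetPC idiom plus a static emulation of a constructed xor-dword decoder loop built around it. The stub layout, the sample buffer, the key 0xDEADBEEF and the plaintext are all constructed for this example and only approximate a real fnstenv_mov stub, whose exact instruction order and register choice vary per generation.

```python
import struct

# fnstenv [esp-0xc] writes the 28-byte FPU environment so that the saved FPU
# instruction pointer (EIP of the last FPU op executed) ends up at [esp].
FNSTENV_ESP_MINUS_C = b"\xd9\x74\x24\xf4"
POP_REG = range(0x58, 0x60)  # pop eax .. pop edi


def find_getpc_stubs(buf):
    """Offsets of '<FPU op> ; fnstenv [esp-0xc] ; pop reg' GetPC stubs.

    Matches a two-byte register-form FPU instruction (opcode D9-DF, ModRM >= C0,
    e.g. fldz, fld1, fldpi, fabs) immediately followed by fnstenv [esp-0xc] and
    a pop. fnstenv_mov and shikata_ga_nai both use this idiom, so a hit is an
    encoder indicator, not a family-specific signature.
    """
    hits = []
    i = buf.find(FNSTENV_ESP_MINUS_C)
    while i != -1:
        fpu_ok = i >= 2 and 0xD9 <= buf[i - 2] <= 0xDF and buf[i - 1] >= 0xC0
        pop_ok = i + 4 < len(buf) and buf[i + 4] in POP_REG
        if fpu_ok and pop_ok:
            hits.append(i - 2)
        i = buf.find(FNSTENV_ESP_MINUS_C, i + 1)
    return hits


def decode_xor_stub(buf, stub_off):
    """Statically emulate the constructed xor-dword decoder rooted at stub_off.

    The register popped after fnstenv holds the address of the FPU op, i.e.
    stub_off, so every memory reference in the loop resolves without execution.
    """
    p = stub_off + 2 + len(FNSTENV_ESP_MINUS_C)
    if buf[p] not in POP_REG:
        raise ValueError("no pop after fnstenv")
    reg = buf[p] - 0x58                      # register now holding stub_off
    p += 1
    if buf[p] != 0xB9:                       # mov ecx, imm32 (loop counter)
        raise ValueError("expected mov ecx, imm32")
    count = struct.unpack_from("<I", buf, p + 1)[0]
    p += 5
    # xor dword [reg+disp8], imm32  ->  81 /6 with mod=01  ->  ModRM = 0x70 | reg
    if buf[p] != 0x81 or buf[p + 1] != (0x70 | reg):
        raise ValueError("expected xor dword [reg+disp8], imm32")
    disp = struct.unpack_from("<b", buf, p + 2)[0]
    key = struct.unpack_from("<I", buf, p + 3)[0]
    p += 7
    # sub reg, -4 (83 /5 with mod=11 -> 0xE8 | reg), then loop rel8 back to the xor
    if buf[p:p + 3] != bytes([0x83, 0xE8 | reg, 0xFC]) or buf[p + 3] != 0xE2:
        raise ValueError("expected 'sub reg, -4 ; loop'")
    start = stub_off + disp                  # first encoded dword
    out = bytearray()
    for k in range(count):
        (w,) = struct.unpack_from("<I", buf, start + 4 * k)
        out += struct.pack("<I", w ^ key)
    return bytes(out)


def build_sample(plain, key, fpu_op=b"\xd9\xee"):
    """Constructed stub (fldz ; fnstenv ; pop ebx ; mov ecx ; xor ; sub ; loop) + xor'd payload."""
    if len(plain) % 4:
        raise ValueError("payload must be a whole number of dwords")
    count = len(plain) // 4
    stub = bytearray(fpu_op + FNSTENV_ESP_MINUS_C + b"\x5b" + b"\xb9" + struct.pack("<I", count))
    xor_at = len(stub)
    disp = xor_at + 7 + 3 + 2                # encoded data starts right after the loop
    stub += b"\x81\x73" + struct.pack("<b", disp) + struct.pack("<I", key)   # xor dword [ebx+disp], key
    stub += b"\x83\xeb\xfc"                                                  # sub ebx, -4
    stub += b"\xe2" + struct.pack("<b", xor_at - (len(stub) + 2))            # loop <xor>
    enc = b"".join(struct.pack("<I", struct.unpack("<I", plain[i:i + 4])[0] ^ key)
                   for i in range(0, len(plain), 4))
    return bytes(stub) + enc


# Constructed sample: 16 bytes of filler, the stub + encoded payload, 8 bytes of filler.
KEY = 0xDEADBEEF
PLAIN = b"\x90\x90\x90\x90" + b"constructed pay" + b"\x00"
SAMPLE = b"\x00" * 16 + build_sample(PLAIN, KEY) + b"\x00" * 8

if __name__ == "__main__":
    for off in find_getpc_stubs(SAMPLE):
        print(f"GetPC stub at 0x{off:x}, decoded: {decode_xor_stub(SAMPLE, off)!r}")
```

On a real sample, run find_getpc_stubs over the raw file and any memory dumps; a hit whose surrounding bytes do not fit the constructed layout is still worth flagging, since the GetPC idiom itself is the reliable part and the decoder body is what the encoders vary.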

MITRE ATT&CK Enterprise v15

Tasks