Extracted

• • Target

    a1bdbd9dd382218492ae030ac5583d5b_JaffaCakes118

  • Size

    267KB

  • MD5

    a1bdbd9dd382218492ae030ac5583d5b

  • SHA1

    e0a85cacf27bd38b868c23e000f35c757b2751ab

  • SHA256

    f47cf6692d019d6858c76b9fb1876f6475bd17463ba6178472c5eec45a4caef8

  • SHA512

    294f77494c66099d6f3d5c08e94310b5706178b172504019e084effc91cfaefcb486f461d79f4403a18f8c0fa3132a17fe28d3fd0efffaf195a86927582fba0d

  • SSDEEP

    6144:fc0TbSwrbQpuYp6qdwXG3uMHNvU/OkGhuqBF0mF+2cXTXfrgR:NTbSKysqdPDHBjFB+2cXQ

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2