Extracted

• • Target

    a5de8ee506b355479796ab5ce467db22_JaffaCakes118

  • Size

    208KB

  • MD5

    a5de8ee506b355479796ab5ce467db22

  • SHA1

    09fc927ed73ef48bd36d3f809a9fd378db66d743

  • SHA256

    b9640548b82f669d809d1e190016c9ca882578e0cdb350f896cdb7bd07906746

  • SHA512

    8f005994d0a3dac469d624434bebfcbb3613873786ef09b743ebb90fe550d092efc6cef3796b91266f098fb1934b826a1529d9a0d9da01636080cd1e4b863f70

  • SSDEEP

    6144:peCNPi1xvowBaxzsJM3tmXeLdIX4NwJN:peCBi1ewBaxAJM3tZNw

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2