Extracted

• • Target

    b502f608de7d1a366003ff151cf73bcb_JaffaCakes118

  • Size

    70KB

  • MD5

    b502f608de7d1a366003ff151cf73bcb

  • SHA1

    49281de4817a1e0a691aac891ddff4bfe118639d

  • SHA256

    fc4acad299014093f342eb4c49a2ae667a2886b0cc4d0f1b8c21bfbba5ec272c

  • SHA512

    c26a55318827fe936824855a8f6fb676fe1a29adc7b2ccbe6826b4045a72218da0b11b0c3412d6a6abf8540094a557ecf50778684db42e57473ecd63c6867b2d

  • SSDEEP

    1536:bOhplcsHv1X6n0III8oKq3xiiF2MrPrSdpJYQBe4Yc0vGnouy8xOj:bOXpHv1O0II3oH3zcNjJYa9outG

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2