Extracted

• • Target

    b596bb8b956e31b9485e0983f0e5642f_JaffaCakes118

  • Size

    202KB

  • MD5

    b596bb8b956e31b9485e0983f0e5642f

  • SHA1

    8e873f2cefb319e8cc361614c29f371edac9e23c

  • SHA256

    0cf531a21e3135c144069618162aaab16a03a50014e09ec89ce9527f71a65e8e

  • SHA512

    2cad49dea5fc03d3a1bdd46785d96b7659bf25e6e237ecd9498d6bb860d3ec8ad12ad575cc850a2e7bde70ec9821a1846c522c390e57e21ed19ec3d32751ed94

  • SSDEEP

    3072:IvIO+GJioPq+PYAsGgHtRNAswaOluqdZG58ixgHOjDd50RWnKbpgYaqGb:IJHVHuOfIbx8Ojp3KWDq2

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2