Extracted

• • Target

    bc94aaa11cb54dcf3c211af470b7ba4c_JaffaCakes118

  • Size

    154KB

  • MD5

    bc94aaa11cb54dcf3c211af470b7ba4c

  • SHA1

    8c3dbc8108ba0d2e36339286feea7d484550e48d

  • SHA256

    ef354f62f14cc9a691116807f73fab18a1ec3033c7dc415e701066b03d82e9fd

  • SHA512

    6b00faca670f989345da92ddd00580c2d637ffdb35258b799bbe43fd56fc74368ab9852d649823f73fd0809068a99ab8e9fc2f8a42e01f38026bedb52795865e

  • SSDEEP

    3072:UjvopcI+YF+S+18Mwd/aujCuaa+HTNZob5y4KUxuX7FYvk5MN:UjYF+W7a3uHU6y4KBX7S85G

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2