Extracted

• • Target

    c1b66518ca3bfc089466bb62da627951_JaffaCakes118

  • Size

    172KB

  • MD5

    c1b66518ca3bfc089466bb62da627951

  • SHA1

    18b4ecdb441299cda5f1423e185ebcdc31b7c4d5

  • SHA256

    e0141eb37454ac2c0a9ed115d93b92f0d74f663471f7a2994fc5efd65cf6d2fe

  • SHA512

    fe6ea6d049b2cb96b22f6128d7c12dc96ab1fc572b3135600c90a60b04abb7ab6e90bfcaeb2c8410b0ed195db790fd7fb8cd07445d5cfdf4f70b36f077ad6139

  • SSDEEP

    3072:IE2He2ONuUxQfLDeqYS8mNJsfbN6JT9+ht:I5+vNuUxAqS8mIToT9q

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2