Extracted

• • Target

    c59d6896224266655faa7bdf6478ff08_JaffaCakes118

  • Size

    214KB

  • MD5

    c59d6896224266655faa7bdf6478ff08

  • SHA1

    2453856bada31197671ce8d5c845169a185eb604

  • SHA256

    e8d610e3f2e1f74709b0ebd886acd017fd5d48fee94f50f04c3cab128ce3a345

  • SHA512

    6fe92cce102070e7b874f6d6405c6f9ae789f3bc083fc378905dd0517f0bf0779c48c0609facd5cd252653b6a2a55e27459b1a55caa275d73d6dfe5d9e131ede

  • SSDEEP

    6144:JoW05D1fPM203JEIyCk4v9XeYQGpKBZsyYVJ1Fz:Jo/ZP03JEnfJYQkK9EJnz

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2