Extracted

• • Target

    ca5c9bba8a53f2f9e122c3a674ec680c_JaffaCakes118

  • Size

    243KB

  • MD5

    ca5c9bba8a53f2f9e122c3a674ec680c

  • SHA1

    947a98d43d32fde4ed2b599b68b845d1b130881b

  • SHA256

    3febc09bde4c5d583075bdf4ccbf333ad597624c5214b28b7016a3434d09c2cf

  • SHA512

    631e04665168d0f29ef48edc2c80d8a95be9c33f0f22cfad7a8bd2e29b9bb6c154b9cd915c12efa51eadf53d832c1c257489374c4267c150767847231f2fcf23

  • SSDEEP

    6144:maX+lPhTr2MwPUAJWVhzn8YfSIw8Bx0Sz4WxP:NX+lJTreJahb7fSOBx0I

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies firewall policy service

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2