General

  • Target: ca82637cd4c3c64d76d47d15af8c6f39_JaffaCakes118
  • Size: 263KB
  • Sample: 241206-cg9d3azpgp
  • MD5: ca82637cd4c3c64d76d47d15af8c6f39
  • SHA1: c69bbd902ca603bf0eb3692591045019abbc94b7
  • SHA256: ea408464db74adbe3aa2dfc86a9d247a034e34d2b170b53a00ea3e052c5f6ca1
  • SHA512: 10cb28005dc304562773269329a04d6ebba9dac67fb40f221aee54550df8d6ed742acb1cfb06cabb7d116d83a4f11b2865fc1cc291293f7e4897c64ac55fbbc7
  • SSDEEP: 6144:UB9MqnBy2n0wcfMMRcJc7FIaQbuA1uk5v2C/2YK:UHXE2n0w+cJc2Ik5vZB

Malware Config

Extracted

  • Family: metasploit
  • Version: encoder/call4_dword_xor

Targets

    • MetaSploit: Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.
    • Metasploit family
    • Modifies firewall policy service
    • Checks computer location settings: Looks up the country code configured in the registry, likely for geofencing.
    • Deletes itself
    • Executes dropped EXE
    • Adds Run key to start application
    • Maps connected drives based on registry: Disk information is often read in order to detect sandbox environments.
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext
    • UPX packed file: Detects executables packed with the open-source UPX packer or a modified variant of it.
