Extracted

• • Target

    cde18a961db903ddf473e22bc856b626_JaffaCakes118

  • Size

    137KB

  • MD5

    cde18a961db903ddf473e22bc856b626

  • SHA1

    73e1bcb550453ce92e009076e9e5a5b6078f1761

  • SHA256

    dc2d3a37a9df088602faaa2cd6e13b76bfdde97c547a7b1de96c3e5a2df25932

  • SHA512

    3ad70a1b395ad3700b347ad7a537c40f334b74e9c6b7ef7e963bca029a0d16faa82cfa055b612eb0c164ed9a79a25dba217ce91ae91870f7609f7e31396f1e3c

  • SSDEEP

    3072:acdoULbBzcf8p80JRtJkhPib7q3MS+6RdAHD:bo6ycJjoM7hS+6RiHD

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2