Extracted

• • Target

    d0ff0563e7d5bdf78ed5450c05d5b52e_JaffaCakes118

  • Size

    143KB

  • MD5

    d0ff0563e7d5bdf78ed5450c05d5b52e

  • SHA1

    ea8a9227d6ec1388583f875af4635b6489299689

  • SHA256

    dbc46624234d564894a312f4cf66e1877a97193f8feb9693345c7c6b72ff20ed

  • SHA512

    b38ac876efc49b5fe058af070e0e996bc787b0cbc32f5413f86945a07507a86c47d275cbf550958ce37497cba4fc2ca8fac2f5b94dc3ecb0f5f78a8f511d539c

  • SSDEEP

    3072:1aA2xLdvPFfj9Oe3bbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU749HxL:t2zJsuwvP6bQ7yMP+DE82745h

  Score

  10^/10

  metasploitbackdoorbootkitdefense_evasiondiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2