Extracted

• • Target

    d3533377832375322ddbbb74cc5345ba_JaffaCakes118

  • Size

    238KB

  • MD5

    d3533377832375322ddbbb74cc5345ba

  • SHA1

    cdcda6610099c7293313aea7c81ed2076cc1488d

  • SHA256

    739ed36031b3c40e9aecd31fe81d20e95875720a74b4ed6a0f4b168a29438357

  • SHA512

    e765279be0b81a673147b6528bf1a4162e7a83cb3771611151428aa6a26658b7881a38a532047c498704f48b09558bb8f64fb3b0aed54e40de4ff69a8ef30faa

  • SSDEEP

    6144:zC3MpH6kDw0RNHxHSK8GfvI9Ns6heKn89dSIc:e3MpaGw0XHJ8GYcWeKnUc

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupxevasionpersistence

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies firewall policy service

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2