Extracted

• • Target

    d631173ab9e9fa327bbbea013b590c8c_JaffaCakes118

  • Size

    394KB

  • MD5

    d631173ab9e9fa327bbbea013b590c8c

  • SHA1

    3dc47dd70d84de9fedd94712ff1e39af7a5f75bf

  • SHA256

    54b6e8dff23773873d9e694cc20e0779bbad01859da3366ed94a68881923f738

  • SHA512

    9b711bb0e4340ef045ebdf9105f49aed11bce9e6a68ded5bb4671f7331b142068d1280f3703c53e81638833cbbb8406f2c582be6e85cedbf12a7a2e0b4d734ee

  • SSDEEP

    12288:1l+B4C/IqaqJncvvn4F0lcBj1vaMEpcJ:1l7WDJBcXn4DDvax

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2