General

  • Target

    d85debc8382033cc9f70898242107151_JaffaCakes118

  • Size

    174KB

  • Sample

    241208-xedvla1rfz

  • MD5

    d85debc8382033cc9f70898242107151

  • SHA1

    219cccd498f65960dd6e52e9eb0a65cffa2f6295

  • SHA256

    49bc507dc550da187002cf89cdf11cfae5d8e6684f6fbba4558403f37c690843

  • SHA512

    62a977f6f2c72e19d9fe7b9934b562983bdd0d0b98494d155ce1a1769953132909e1032f5af7b796d200c0e72c74b5000729afcfbef1b5e03059aff875bb76b5

  • SSDEEP

    3072:Cj6q7xMgXwp5HO2JPYPP+Kub0jAodwL2XX60iFOTIkcqE/zzXQQeOUwuA+LbyrK:IjchJPSPwo9dwLn0iFE1FE7zAQeysbyW

Malware Config

Extracted

Family

metasploit

Version

encoder/call4_dword_xor

Targets

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Metasploit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks