General

  • Target

    dc0b1b3f27ad7d84bbc3e05f9481109a_JaffaCakes118

  • Size

    243KB

  • Sample

    241209-3p5c7a1jhn

  • MD5

    dc0b1b3f27ad7d84bbc3e05f9481109a

  • SHA1

    c0325f71da42b15a9ff8fb6dfc3183b1d195d3de

  • SHA256

    aec91840021bf048d278bbc98c2d6538a48c93f9b16cac0339be326783e8f2bc

  • SHA512

    7baaf946ae8565726b16289eb5bc3753cb18bddb1fa7e72f026e3b663290ea6e8915bbef7d0e4f329dc465727595aeffeafe9e28c1523720f7a62eec519291d5

  • SSDEEP

    3072:S3b/eHVkDXy7HPaLGEqDNw7/tPYSRwjVxKx9YLRd3o5/mSB9oySEpin4DO87+DLH:SiHVkDXiaLlGQ1RUVtLn3E1B9lS4HyzL

Malware Config

Extracted

  • Family

    metasploit

  • Version

    encoder/call4_dword_xor

Targets

    • Target

      dc0b1b3f27ad7d84bbc3e05f9481109a_JaffaCakes118

    • MetaSploit

      Detected a malicious payload that is part of the Metasploit Framework, likely generated with msfvenom or a similar tool.

    • Metasploit family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks