Extracted

• • Target

    daa4c6bec7172d8ac999a9fce4dabe93_JaffaCakes118

  • Size

    267KB

  • MD5

    daa4c6bec7172d8ac999a9fce4dabe93

  • SHA1

    4f965013d1497c6767dd7fbd230b262228bf2b0b

  • SHA256

    ed817bdcb48adc2f8fd16ce462bf53d634ac326f5cf2545beeaa07bcb08b239f

  • SHA512

    74aa037f2f89e4aa8495b771fca2e04189c70ecf3f960e7da802ded52de645246b4877bd65907584970bc3cb7883182c3d09bf788b45d695456ed60732412e54

  • SSDEEP

    6144:WV+RtpxaqIgasEnawhJpuTB2sT2wyLCx0F1cL+I5:mAaawPpBw4g9L

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2