Extracted

• • Target

    daf8db2a5f42d747695fab3dcde462dc_JaffaCakes118

  • Size

    100KB

  • MD5

    daf8db2a5f42d747695fab3dcde462dc

  • SHA1

    cce672c5d96360f4322697f042da7fa46833fe41

  • SHA256

    06cf0bf09ae5a8e2f1a0e29fa9aee1f4f17533173c4917ec156acc50aa008467

  • SHA512

    cb213e74f867fdfdb8876b4a05fc15cd9fc7e7ba1c5352acf6e4f2ff8c51144019dcb6e7b9614cd84f6ad219093901db9616a7f93a12f04af40a51277447e0aa

  • SSDEEP

    1536:eAlCqSOVMz0OjzknsqxNa5wXVTZ/fgObourcS644R4fQUWV4liPp3R0Wnjq:eMsqja8TVvMu4SMR4Q1Viivjq

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2