Extracted

• • Target

    db2ba6dc7a5e79e207d16345629c5e74_JaffaCakes118

  • Size

    174KB

  • MD5

    db2ba6dc7a5e79e207d16345629c5e74

  • SHA1

    aea33d0bc3a390d588fb08b76507210a87e0baf6

  • SHA256

    e52e5dc7705774b3ac9d740616f93a05602b3c8c59c9aadb9250ed8b21265204

  • SHA512

    79ddb9bfc1977751ee5731f397d95e3c719530b2288df2c13463f9af2da7c3a586d017a7e69beaee8fb8eced9a7b1fad9ce1e2c6494b6fbeaa7ee6c6ef655994

  • SSDEEP

    3072:E6obs2IlIG5EgFnJ97o06HN/Hg7ceAHKQ49+duTrXz1+gCbiL417CMmAouV:cSlMgFJ+06NAI1HKN9+MTrD1+gjHaJV

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2