Extracted

• • Target

    dd052c3073b8f29720d0a20b96b932ad_JaffaCakes118

  • Size

    240KB

  • MD5

    dd052c3073b8f29720d0a20b96b932ad

  • SHA1

    09bbe2f8b18d04486319f0215b629f2a1b5da3bb

  • SHA256

    c158c37fd4b94dc68470343fc1753c1d2e5b117294a151c28de14af5ef246e04

  • SHA512

    a1bac3159c743271b9dac992aa0fdc8f1268140dfceccf8b757a048fca97adf9dcfbf1ae667e289751dbebcec108de672e05768139c8b3271a57ec23134fbe02

  • SSDEEP

    6144:TFEZhgTJvIzboy9WEcUMDNjaEsiIW3YgXP:TFjyUy9WoMxOEsFOXXP

  Score

  10^/10

  discoverymetasploitbackdoortrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2