Extracted

• • Target

    dd7739debcc86b185525754bf0285d2c_JaffaCakes118

  • Size

    528KB

  • MD5

    dd7739debcc86b185525754bf0285d2c

  • SHA1

    828d8bb036f952dba2b1846a239ef1e833fc5654

  • SHA256

    2b51f15f63b25db5fa9cc9bbf94fd17728a117853ff4e7889b85109365f25f5f

  • SHA512

    132c860ec79ede1ab7c971d4c960cd94e5322e69a69aceacaa06771d0d76aa260d0f068ff6870843596d1cf5fb1ae6f0b7bd7f612575111e0d46fb0320bd4b08

  • SSDEEP

    12288:F/1L+W3eEQKhksGN5qrdSgiUjEevMWif3gG:F/x+wGUGN5qUgiUjEevxG

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2