Extracted

• • Target

    e371adb18df9145d3b5bbd448b81652e_JaffaCakes118

  • Size

    218KB

  • MD5

    e371adb18df9145d3b5bbd448b81652e

  • SHA1

    aed7868ba4d7e24bdbad1ebc962a0e928dbf5b0c

  • SHA256

    0a3c6293b62269a81da4019ad258365b7b5751ccd592e89c4031d031088ffc08

  • SHA512

    77994a5b7f9939dbc3f777f0cbc8f36cc681bd2bbdfed889595e97a654a66db6e22a2ead233059b9434d75713876a83260555bd88dac312e7733859724db7c4a

  • SSDEEP

    6144:WZQ7/xRY2m4UDnwbFOX53FtrlGnrHDEbQ0+DKVz8fI25XQIWSV://xRDm4UzCFOX53eI3+DKZ/tSV

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2