Extracted

• • Target

    e3dafa71364239a94875c5fe45894755_JaffaCakes118

  • Size

    212KB

  • MD5

    e3dafa71364239a94875c5fe45894755

  • SHA1

    ea12c428ba6c95a12dc40748a05f594f574302a7

  • SHA256

    e3b85326a9d69f0c015b880013befcef42b5a45b2d499a63adde66cb302228ea

  • SHA512

    3acb0eb662eb6f209b878eebe740f1998e61308fe54dcb745acf8e4b6d56a5563401644f3673b7b0c1315cc9e2589b98182b472f540a88316bdbdcfd4b33fd11

  • SSDEEP

    6144:CCsOq7p+EBANI+lXkLV290OLmm/zHUnpa:CNx++SI1LV1O6m/zUn8

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2