Extracted

• • Target

    ebc3cef94419ec4e63728fa50198a543_JaffaCakes118

  • Size

    212KB

  • MD5

    ebc3cef94419ec4e63728fa50198a543

  • SHA1

    26565e91c1a93a49811bfdd8fa467a030260e834

  • SHA256

    56a40d09a61719b5b6f104dba4cdfd156387531d980c56726929f5b5973cbdae

  • SHA512

    74455e1bfceb93beb3b51ba6f020c5c88af290f2f7c80dcf2c460cb2a52b7589823096e01a9310fe89b8783c0473ad8f33d8b3e55a10b8584fb6ff98a70eb563

  • SSDEEP

    6144:as3laSOajYEuFUJ3nyeGg3zAeRT2BD62GWyp3GBMG3R3qOjr:r1aShYzFUJ3Wg3/RTTVTd1Yfr

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2