Extracted

• • Target

    f750aeee6ba230959de873427befda57_JaffaCakes118

  • Size

    252KB

  • MD5

    f750aeee6ba230959de873427befda57

  • SHA1

    457ff5d34f5c49e6c49a038eb1b2e76dde91f3da

  • SHA256

    5daa46364839ea184b7ea01acb4b56837e0194620f13613a98a32a4f314c7e7b

  • SHA512

    a505df8a8f7bf6e02139f4f038593075e35b2887523b821e481d5eabcdc2e87831954eee632e28664193d155de8562463f00e11b7090bf3d220dfc9b9f2ecfeb

  • SSDEEP

    6144:90Dd6+SD+dYnY9cCxaTZ2EhCDbRqJyzkAif2gFjKA:OM+SD+2n7Cxa9xCRkFAs2gFe

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2