Extracted

• • Target

    f87b58d86ef145e2733f639ec026ae7b_JaffaCakes118

  • Size

    227KB

  • MD5

    f87b58d86ef145e2733f639ec026ae7b

  • SHA1

    0c972f1bdd17a707a6b6e1c2a5591be52f0130a5

  • SHA256

    a37c4ab377ffa605695dcfd0a7a68aa3d2277ffa421923472754473e38e30e48

  • SHA512

    142d1012ee4d74d27e28db249447a0cb38ef48c9ea63bd45f593c8670cc437801d8e2bd26d3f5ba84d9dc681c244696d564525234d2a88fcb5b21cd7a00c1886

  • SSDEEP

    6144:+tdcKitBJqYOVePsP1M+xiQOK6gyw1zqH/F14r:m+tLOEoS+xxOkywQ/PA

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2