Extracted

• • Target

    fcce7beefba9290e71f2d2c94940f176_JaffaCakes118

  • Size

    453KB

  • MD5

    fcce7beefba9290e71f2d2c94940f176

  • SHA1

    f9723091885a6fc0c4c1dca94d5f83df60808a6d

  • SHA256

    f805110c117216794bff5fbeb53ec6905bcf0552e0e37f1afa1d0bf43b82f3c3

  • SHA512

    ac2c545ffb697f83cc92f47706aae89d553d07f7cd89792dfc60a5c0dd50462890a74ba2cb625a83ba7df97ff65a18ef38a2b2a83457c777269271783393909d

  • SSDEEP

    3072:394ZzO730avFydK04OLxzc2dvBlGJ4Cy6m3WvhZqIkBvvTAokmryNu0WpjjZe8YH:iyVFyc0FxQqVCZm3WnqIkdTVewRu+B18

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2