Extracted

• • Target

    JaffaCakes118_6ce6db9da95a4261b37b2395161e0dbe

  • Size

    142KB

  • MD5

    6ce6db9da95a4261b37b2395161e0dbe

  • SHA1

    43eb08bfed6b899553f2146c1fd22f8b3c39add2

  • SHA256

    d83506eefb051253a4bfb33f8e26f14968f9ab2a4b0c58c91d87b10f09a5b557

  • SHA512

    8aa0d0bd28da3c9eb83cf386b43235b7912a96bafb13c1cea051f12e8cd2dcfd9cfe53c83f1a4fc3576ff93205b257a6215cc1344996debe1206da85a040d81d

  • SSDEEP

    3072:bydZf/2LdvPFfje8kTxG3bbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7o/:bydFwJK8kTxmwvP6bQ7yMP+DE8272

  Score

  10^/10

  metasploitbackdoorbootkitdefense_evasiondiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2