Extracted

• • Target

    JaffaCakes118_8aa0892ed756ce1a48507cf2ce970bec

  • Size

    548KB

  • MD5

    8aa0892ed756ce1a48507cf2ce970bec

  • SHA1

    855faa99639923c7a9a88ae8409e0d59f1443ae3

  • SHA256

    52bd891fe5e54aba4b381eae5f74efba20d3c8b46aa94b550627615cbb9ca5fd

  • SHA512

    19200fdc0ce0be456bbaa23e860c8b873f254cb375d58d6417d0bd25654c67299413f122922c93ca70d641a52fc4471b1a80caa6db3318e84ff4d587edaed441

  • SSDEEP

    12288:izP3mTLt4Buvhzdjn+xT64x5nLO0CrnMzqzvR:byBuvhzAx6E52rMz

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2