Extracted

• • Target

    JaffaCakes118_9782af747d74702719c2da418256e164

  • Size

    235KB

  • MD5

    9782af747d74702719c2da418256e164

  • SHA1

    0ed275cbaeb7ad327172547dc036abdfdca163f5

  • SHA256

    2bb11676d3671ade6eb5192012a52e7e1cc339ee6f6c36b3fb0942758856707e

  • SHA512

    94bd7410ee4f8314a0ce84617a0c87f9b197e54ebd99227cafb8572850cd7abaf12e400c5d368c7277a2e220dfd04078fe448d53410a82bc3429c207a04f8a78

  • SSDEEP

    6144:mutjlpnPEdCtNULSvL68fdda7JWcApjHDn:muVznsSfjXDtDXn

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2