Extracted

• • Target

    JaffaCakes118_9703af3ac23b598954c27b06eac7a4a8

  • Size

    138KB

  • MD5

    9703af3ac23b598954c27b06eac7a4a8

  • SHA1

    b67d5b23ae2d8f6a6c2a3b9814b4e99ca3d8ee7b

  • SHA256

    064c7a174d2b6379992817a7cb4e17ad522606c7950a16b47bed9d018b663aca

  • SHA512

    5f96438bd86452e3d50b912e0d026d13313cc8b49e52eac771cd5af237632a0dda80b8c39152fe0eaecc1baf4c0b2801bd6a111ec7b010c687e516deccd42be6

  • SSDEEP

    3072:43EdaSlB4ch4vyRNQ0gAsy1FGnQ3CTR/lXjNnKPfq4JKo:us4cOKoW/ORTFlTNnKXVj

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2