Extracted

• • Target

    JaffaCakes118_985999993fffddc99fd1a4ea76759ff1

  • Size

    232KB

  • MD5

    985999993fffddc99fd1a4ea76759ff1

  • SHA1

    39d023c4898cb8acd2725f91ff0969ff763aeafc

  • SHA256

    68623f085d7f715b372067e01a38196402857560ebc617da8bf0c0be045ee2ab

  • SHA512

    be21cdf001fad5d3000e7c76084cfd9385edf8ac3feb48d16b105db88b076365d51c5b6005d47b1e73f5be9ecd0157d6e054f1915985edbba7feecc1892b0d3b

  • SSDEEP

    6144:dSSBgo/oaUevQfIiew0T6S3PzFHvusUjQ:dSEgWoaUeqcT6azxusU

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1behavioral2