Extracted

• • Target

    JaffaCakes118_b8ee36ad45ef998452348f51d791a29e

  • Size

    197KB

  • MD5

    b8ee36ad45ef998452348f51d791a29e

  • SHA1

    184a3d00d2641c45d1458e18a2fdc89ed9977941

  • SHA256

    8bdf88b7008aec23ca5b4373e266f94077a1715004a5a1caf1046dc6a5fa7101

  • SHA512

    65dc6dae6f87b5af09c769817f7c1f5b840c06a3edd8f280e8c129d0d16adceed136c6ee6f9393f1b17901defe80609aada6331c4ce1739fdf40c383394e0669

  • SSDEEP

    6144:kA8RyYDeWXTJ0ahiiAQcst8nhNdA87oaT:5OesFxNxtuFd

  Score

  10^/10

  metasploitbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  behavioral1