Extracted

• • Target

    JaffaCakes118_ba079e3629746df9523c6cc0f9f2a8c1

  • Size

    198KB

  • MD5

    ba079e3629746df9523c6cc0f9f2a8c1

  • SHA1

    1bea54668c3e50eb61a0464c115a53c6faef2c3c

  • SHA256

    243ab49789cce063ab694562376ea549ebcacd1f4df4ae676b8145cee3e88a7a

  • SHA512

    9ac7d12bd1f46a07ed9b76bf64cb05b2b8380ad49481e8e9d910c7eb2ac7de5069f9fded0a557c7210802ebf07aed246560889a0dae39cac6e2f791d428d142b

  • SSDEEP

    3072:vDae+lG+XJiS5RjaRHWoiSL0zb69ex9HD1I5pERbUmbjFn3saJQNN3f:vDGU2HoJL0zeQnHZIajRXANP

  Score

  10^/10

  metasploitbackdoordiscoverytrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2