Extracted

• • Target

    339cb8e57b78b295b7fca6bd0e4944bd_JaffaCakes118

  • Size

    213KB

  • MD5

    339cb8e57b78b295b7fca6bd0e4944bd

  • SHA1

    6c7942db591c43d7a6238169e886abb958e51e01

  • SHA256

    356902ac1b2532a0f938728162a76e293ade1c89e0915319c7d4cf09b8ec3031

  • SHA512

    60d383ba5409d3a29c3264e45d0d2f7426343526acf8464d7e51162015b3fdf8f57a095f1ccaca4b847884d6fb79a71f4be5964e554cb3832a2bcbe94d24ea76

  • SSDEEP

    6144:hlqtXlhQ8ZK0lAswvP6bQ7yMP+DE827YYscL:hlogQKXd6b7MP+Dd2UYZL

  Score

  10^/10

  metasploitbackdoorbootkitevasionpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies security service

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Drops file in System32 directory

  behavioral1behavioral2