Extracted

• • Target

    81c2b560fe7e50858a9facb0be1b4287_JaffaCakes118

  • Size

    252KB

  • MD5

    81c2b560fe7e50858a9facb0be1b4287

  • SHA1

    0c6b23eb776cad75f5794812a6f8684b09cdebe6

  • SHA256

    85a950b494d98f133d88b8e2e2d1527ddc421c08b8b9e4c07a5393faddb77d5c

  • SHA512

    7976c33e6bb6c2d55582c99d3224acd10f46e737c5ebee544ef8b44b6200bd9c7a2ec4a7433f27ee59c7e5c5b30299149db738bf119c39722163bb5fab06b472

  • SSDEEP

    6144:FmCwBmAxKwNATSLjT0QPPPPPPPPPPPPPPPPPPNPPPPPJPPPPPPPPPPPPPPPPPPP3:anzATSLjTBV4tVaA3Pmg

  Score

  10^/10

  metasploitbackdoordefense_evasiondiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Impair Defenses: Safe Mode Boot

    defense_evasion

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2