Extracted

• • Target

    b30db85ce4bd7e9b03780503f4075ddb_JaffaCakes118

  • Size

    152KB

  • MD5

    b30db85ce4bd7e9b03780503f4075ddb

  • SHA1

    a6622901e4b2f9dd941515cc6c2a9e7cc64f463e

  • SHA256

    baf8bd8db775ed8b831056b96042dd830d49c7490cf177d653c8502168ba5b9e

  • SHA512

    22a9d940cb418aed8596abf7034704b1eee364c24cb2669eb94538154e2f0ad5a55b7baf39edbfa71658586dc741950e0ed3fb8b2001f51c1ae6b6f7c18b5b6b

  • SSDEEP

    3072:0gXclopCntDfGkrZkfpjQDPNyzD21ASn:xpE1r2eDVynkj

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2