Extracted

• • Target

    b9c5cccf05c91ed4f16aa455ba3b6c15_JaffaCakes118

  • Size

    246KB

  • MD5

    b9c5cccf05c91ed4f16aa455ba3b6c15

  • SHA1

    d160411467f774c10b1b0a59c2bfe7ad19027832

  • SHA256

    8d64de7fdbfd14b6bd4d24ff07ce6d4f91fe712172c5508b24fa2f740918ac6f

  • SHA512

    ec66b8b1d956efffd4e20c7a33ab0a929daab151506a7db0b617440ccce882a9dc47d52c4be61992063289295e49f5b6ecf450dc18b2e8960c6ff9d6d0a8d933

  • SSDEEP

    6144:k3GbsdGhWwplZGwL7Ioe27ezVEd5HphJVSkizwD:sGcGhFpfUt2qpohHSO

  Score

  10^/10

  metasploitbackdoorbootkitdiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2