Extracted

• • Target

    d22de912120d5f376a2da35ac85f8f2f_JaffaCakes118

  • Size

    112KB

  • MD5

    d22de912120d5f376a2da35ac85f8f2f

  • SHA1

    7755ade14441657b202920176ca17fc3f768b58f

  • SHA256

    a67b3f197673f7bdeaab0cb1890f04b430a2fade09e6aaabbdca27736918d919

  • SHA512

    cdabf3d31a46b8000b47f171304869f4bf97db7807d53cfca03df479fe8ccc1a2fe8057bde6a5625bdb53e1f5cee82b2a45d76cb7fa643bd410d539b1516f00b

  • SSDEEP

    1536:Ui72yqBfbl107wf8mxiuq28OSeGUWbEez/DaY0mEGrY4LKacoUcW6ba6S3rm:Tt8MwXxBX8OSel5eImEGr1Lc8W6bNei

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2