Extracted

• • Target

    d54973f7bae3f1f3cee684f6f25791c3_JaffaCakes118

  • Size

    184KB

  • MD5

    d54973f7bae3f1f3cee684f6f25791c3

  • SHA1

    fbb608e7aa0cc9d9d6e25cd4d28b9b1c22297944

  • SHA256

    fa98a5bbb713b059a5281b6db6cb9f8a345b0e43ffd1da9392f5b9da2b5822c0

  • SHA512

    f9b9a1813e57fae6b1c44dc4ddcad85642e5378d1658a0118e51b0633d04ba61894cde0ab0d2f0625be2b89737d75b30c53b459b42157e47390acd4479034904

  • SSDEEP

    3072:n6h7KeLn/+4vPt+uUKUghKrjBfg3/zw1R/UYAx1iYWP:n6BVTmeJUU+f8w1R/w1iYWP

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2