Extracted

• • Target

    db45677b16fb39305178a99dab4874e6_JaffaCakes118

  • Size

    61KB

  • MD5

    db45677b16fb39305178a99dab4874e6

  • SHA1

    b022c3b9c7aef2ba62899fd42b69f5eef696d30d

  • SHA256

    d860f6cd7bec3887ea2205c6a09bf753f08501fac9d1a6ec1ee04eea515c6ff2

  • SHA512

    7df6814b5a066cbc1d5ae2733ea67f7eb3b9cc9e2eda484810178214b3eb0a8c69dc42f41a458ac1a27a9305e2ca3d41b4608997c3b571b45b630642ba678723

  • SSDEEP

    1536:5NbYzDLPzrpsG9FClRn2oHPVd9Lj2Dn0kyakAYaO74:54kl5/9LjgYpAYV7

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2