Extracted

• • Target

    dbf87075bcf43486896d4ba6c8420859_JaffaCakes118

  • Size

    180KB

  • MD5

    dbf87075bcf43486896d4ba6c8420859

  • SHA1

    6947cf7f1fda2b5427bf440e855046aa8d6e93df

  • SHA256

    049f05184781f8694e4b94c9c4a7ce2874758c414fb4ec9537818830704bf7c4

  • SHA512

    0294366879f82d129010647f89b6b3f3826bebbd88e79e464e914c9755fcd718e9618da8e1a377bd1eaa67fe866662dd050ae34ac408e441c65e04e626da864d

  • SSDEEP

    3072:nAJfYp+lXv4AL5QCmObvXViLbb8Gh2NJUBs0+w6/pV0:nAI+lXv4ALXPcnb1gNy5+VY

  Score

  10^/10

  metasploitbackdoorbootkitdiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2