Extracted

• • Target

    de9bb7cf1e8c1a678b3ec818b31faa59_JaffaCakes118

  • Size

    63KB

  • MD5

    de9bb7cf1e8c1a678b3ec818b31faa59

  • SHA1

    70df2a5cdb8104d1ae87736c615dd2ec18fb9a0a

  • SHA256

    135e17751624a689eeed0cfbaeff0d0228827efa1c7d283cbc1e2a33e288f656

  • SHA512

    5e61c6ec79c1a795ec05021ec7c9dffec10a40dcf775a4b4a9ff6aa25cd4557c1645a76cc0172e0d0c43851676ac96b4f1d5328bd8ca26d7e0ce11cc2de3414a

  • SSDEEP

    1536:yPDzLyCxik2MlwUn7YX8jIW+n9yl8FC+:yPrpiylzn7E8jIW+klYC

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2