Extracted

• • Target

    e1823355ebb918b77c266589cd6d05a6_JaffaCakes118

  • Size

    48KB

  • MD5

    e1823355ebb918b77c266589cd6d05a6

  • SHA1

    372f7bdc0a680afa97ff888fac602d561b701737

  • SHA256

    57cf2366351bc0cbf4dfcfb033ff704263fe4550f46df05c8e4fbe3cb010bed9

  • SHA512

    9a825dd552cdfff9f78a2726cedf453f199f9087b77155c100a270e9cb1a7381f59ab19d3a735459eddde142d7626be6322ad18714c084e06a240eeb889b924e

  • SSDEEP

    768:HR/KhRV17RfsWh8Bu1nfLBTR37rkn3g3R7Hj9iZMbfA0AW:h4V17/2BOfDrk3YpnAW

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2