Extracted

• • Target

    e2d4c198cf489e724a91f76f9e3fb00e_JaffaCakes118

  • Size

    1.7MB

  • MD5

    e2d4c198cf489e724a91f76f9e3fb00e

  • SHA1

    8661cd99b2fa107d8124cee1740934de248d47bd

  • SHA256

    ff76d34bace404e490aefcc36d341fc63555c0a2f874362be80be7a23ee2f227

  • SHA512

    10d282e99e7c2f24ee9bbfe0acd8feba70384c1892de70046eba1084f4a15cfbbe4d64b0f263cecffdbf3c12c97922b783ddb05052894c41d1f3878731490ef9

  • SSDEEP

    49152:7WKfCRdWutR4D3A1A+hQ88aZQS+asUd91Evw:yKfm4AheMZx+aseKw

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Modifies security service

    evasion

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  behavioral1behavioral2