Extracted

• • Target

    e3c2ba03316368208c1a924b4312443c_JaffaCakes118

  • Size

    152KB

  • MD5

    e3c2ba03316368208c1a924b4312443c

  • SHA1

    59287c758bb70d570eb8a47ba9b3b83d4f670628

  • SHA256

    855915b5b89fe495545ba2be7809ed506e20eba31447576207b78c5a580ad944

  • SHA512

    c3a8e1fb341cf99837f0663414c40f7eaba5fafa9911bc38c08f98ea438a7657454eb27211ea9346698c3ffbe0493243d89abb2204ab9a2751a7fe35f8bb68cc

  • SSDEEP

    3072:ehK36YyE1qSP/A93GfM/Hj/axxX0SBr0qZXDj:kYfmGxXb0qV3

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2