Extracted

• • Target

    e40f628a6207516aad11623e6c8a04ff_JaffaCakes118

  • Size

    120KB

  • MD5

    e40f628a6207516aad11623e6c8a04ff

  • SHA1

    b49f3f28c09bfff68be2204d7b9deac34d87c3b4

  • SHA256

    e455d831cd61395e72299761136903fda048bf1b2c31e485f78086a1e3793065

  • SHA512

    f6142988310b77c78896e358fdcf708afc563696cae4a812d121048180abc201be615251ffc087b4e1d9b0ef3962ecd21070cfe7d4464f5d2cbde20f701a7786

  • SSDEEP

    3072:ApnFjHocshZF6vnGt5VfkTooPtI0SDOKPr:0nzWF6GNkTtFItOCr

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2