Extracted

• • Target

    e4b41c63ce86fd1df6e2d88d2d27c055_JaffaCakes118

  • Size

    80KB

  • MD5

    e4b41c63ce86fd1df6e2d88d2d27c055

  • SHA1

    f68aec6f694b98590102d2d6ebf57d5177d9bf1d

  • SHA256

    14ba3ecb0c36a04be8f49edc9bec0bdc7d07056decebdf0298fd99534fcc91eb

  • SHA512

    8b49295b3fad77ea101986b5037ffed47a5b9586611cf5ffe4d1ec6f319ae5d8596600f8b9bd6fb6a31deb67177c30fb581f69e28b2551f524492dcf84ae215c

  • SSDEEP

    1536:Hwhboay8bMecqi8Ejt3UB+Md7z3HALE5h7eUJAToTtNWKnbXtXI4ZG:Hwhzy8fhi8w2dHALE5hSlMzbX9NG

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2