Extracted

• • Target

    e64be1d5cca2a2d14f194bb492bc11ed_JaffaCakes118

  • Size

    268KB

  • MD5

    e64be1d5cca2a2d14f194bb492bc11ed

  • SHA1

    a59ed80a94d4c0d5809a8aec86ac0455aa5e107b

  • SHA256

    16beb80bda8b4bc07970de76e21d44896c7e6a8ab9ce0027d80bea4415c3b68e

  • SHA512

    2b6cd9c95f9c306bf79cc676f7a5935390edd52e45659728aa388d5a4ec4bf21584ad1c7b4f961312ca59956a2f8f0bb3518687c25dce485590dc8b9882c3d1a

  • SSDEEP

    6144:tUzFqBpJY3SLXuP39/VkOXPshNN0A8qqFf:tmqzW3SzS9/VkOXkhNN2qqJ

  Score

  10^/10

  metasploitbackdoorbootkitdiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2