Extracted

• • Target

    e870b3947abe448c9191733c8ab219c0_JaffaCakes118

  • Size

    44KB

  • MD5

    e870b3947abe448c9191733c8ab219c0

  • SHA1

    59504d55450da97c1296592e96dc59bf5c473d5a

  • SHA256

    70430df1a4df9d9ee358f4d37b90822bbb3af8ba36f0ce8e0fa945ca5e8098c7

  • SHA512

    f2b975174fe9df22d807c4b451312f3d783383f51b17d18dd7224a9a233e9a219e976bb0a4bc04728274ab5df7439bbcf622cd2591d4b0a6b2c8ce3d1f3dbea4

  • SSDEEP

    768:5xZknhnH4X9SpdY7JHVxpfw/Nf1ahewLPWZv0HjL:qndYXQdK/EwCiHjL

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2