Extracted

• • Target

    ee8ab5743b6cdfa4f9d25fc7719a759d_JaffaCakes118

  • Size

    89KB

  • MD5

    ee8ab5743b6cdfa4f9d25fc7719a759d

  • SHA1

    b633541bb62125cdaa5a5dc6716fe66b71bed6fe

  • SHA256

    1f026242cd3bcbeffa98717573f97de7b721dfd47c771ed0d4cbb4d4ffd681f5

  • SHA512

    0556f48f3a0d6c6a611753581b7c0e81f26bedb67b98a60736c1441fd00ec6c2013fd8a3d2ed3e1bb6e24e30a52c4f097875eb4dbcdda5ffc0593a7de44ebb12

  • SSDEEP

    1536:hOpOWmH4UIbiV8EEhHX4VOykVf25lOjBXIyKhRGsqsQVS2Tw3:kOnH4UIbiV8EGHX/fUluB4yKn9ke

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2