Extracted

• • Target

    f13188b90e5ec50aa5d445b2530fa7a1_JaffaCakes118

  • Size

    156KB

  • MD5

    f13188b90e5ec50aa5d445b2530fa7a1

  • SHA1

    b4f79cb0a64446e85cfef592d88b00d6d821cf8f

  • SHA256

    fdb2b255e74952d234779dd42db354a9ef9693f72b6890df95c2fb44e35cbac9

  • SHA512

    b411d32644ed1850e672bb24e48365cceb14e8f58000d723fc711129cdecb31a71062f242bffd8fe3db4f5cfc9d508c3447dd10ebade56f8cc351698d3c130d2

  • SSDEEP

    3072:eGAe5bieIqqzGOwLsugWnbPhw6/zhp3Z1IPGMcR:sbzGO4sUbPhwazhJzIJS

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2