Extracted

• • Target

    f263a1ad9bd2b07595f15e35ca17e5ac_JaffaCakes118

  • Size

    73KB

  • MD5

    f263a1ad9bd2b07595f15e35ca17e5ac

  • SHA1

    2b4543370b498a631095c4320330c58fd3129dcf

  • SHA256

    1f4b237250617906b5123ccdc45c7d43b8032e6d4f8cd3319841d3b194f8ddb2

  • SHA512

    0a89f0e3793bf944dcf3512706c0cc40b474a3ed11f507eefb18cbe3980588b1b5a9685cf8a8baf8a95a32c903425243b3ee88ea523daa1d497686cec9480a42

  • SSDEEP

    1536:wPiVWnN2lvZYd1T6AQ3J4mbYkazDX68V1xu/bFoaICqArP:ET6Bf9abibFPICqAD

  Score

  10^/10

  metasploitbackdoordefense_evasiondiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Deletes itself

  • Executes dropped EXE

  • Impair Defenses: Safe Mode Boot

    defense_evasion

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2