Extracted

• • Target

    fcb78beb3ade01d700e5b4cf43fcbf72_JaffaCakes118

  • Size

    80KB

  • MD5

    fcb78beb3ade01d700e5b4cf43fcbf72

  • SHA1

    04745a18a0aed7b8aa83e643a3ff436680fe1e5f

  • SHA256

    8375133d600c5a5e115cb2c9016f28ed52f06dbdf3576533239325803f149825

  • SHA512

    df826418f4018b0ed6686d3357e61d6e03e3bd9c442e6645922c8a8f5274158c8fffa4dc84425a1aad3319872d57536090168cdf291d80f09fbaee50ca49bd26

  • SSDEEP

    1536:U66svlWxtoBNy6PWEmPzXs/SSAOAB65N/zg:5LNctI4OW3PzGkJg/zg

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2