Extracted

• • Target

    8de59673ac9353799a12a56a67320838_JaffaCakes118

  • Size

    50KB

  • MD5

    8de59673ac9353799a12a56a67320838

  • SHA1

    edabb9f45f135ebc6e18c3a741381026311232f9

  • SHA256

    df1b65f650a9ae56b83a9a6b14369872cb91c605da187eb568a81fe34b7ec617

  • SHA512

    2ca6ec396b099dd36e59ea68fcaa8108902bd5076a1f1a25e23dcb546606f3181c06d33d1c341b842e480952943d8c1b3868f0a5f7b2164e93885d3f9c24a334

  • SSDEEP

    768:gSnpKQ7H3YJmAe+cItZApv6C4OVpAB34Caxxy3hrXkUe/8cKTCImuJ6:dpKQYHcwaSC4aKJxaO1ATuXmuk

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2