Extracted

• • Target

    90fa41a00bec3d60e9e7d3923f7c306a_JaffaCakes118

  • Size

    107KB

  • MD5

    90fa41a00bec3d60e9e7d3923f7c306a

  • SHA1

    683682fde812d47e759d6804060d96f5d33dfe2e

  • SHA256

    baba8e872cf6321c626c16f0bdf1159ef75faddc504ee0a689807973b8a1a53a

  • SHA512

    9acb6e6f624594db1a65d56231638ce3d41819632b34a36b87095ec94dcfb003b9efb177cfefe5e50a447ebe0ca2c197476e4938bc6b3862a3be01140effa3cc

  • SSDEEP

    3072:b6GHlnAZkpAN445Lslg1oEy4RXaUCmwIiaRCUJX0:B6Nj5LInmwIftX

  Score

  10^/10

  metasploitbackdoordiscoveryevasionpersistenceprivilege_escalationtrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies firewall policy service

    evasion

  • Windows security bypass

    evasiontrojan

  • Modifies Windows Firewall

    evasion

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Drops file in System32 directory

  behavioral1behavioral2