Extracted

• • Target

    9a1c7c843c37b88717ee639df5164115_JaffaCakes118

  • Size

    62KB

  • MD5

    9a1c7c843c37b88717ee639df5164115

  • SHA1

    50016c9c1a0827e5dac4918d8f979b78cc91df48

  • SHA256

    0abe6844d2a514d040d7a7bccb8fe272042dc8229119f6860a7460f6bf29cbd8

  • SHA512

    929b23489970058aa9cdf9c0a40c2ed723f572d8b2f9d04ff55d2cc505f69f08dc94b88cc87992253ca8be0e560d159e29ca8e0355b8d25e23483b1fb618037c

  • SSDEEP

    1536:LnJdFerhX2T7sOyZsVhkMGnifkWhVMU7wwvm:LnJIhXyYOMsVmiNX

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2