Extracted

• • Target

    9ae1a543dcd2ba8dd9c68b9ba3d54d02_JaffaCakes118

  • Size

    240KB

  • MD5

    9ae1a543dcd2ba8dd9c68b9ba3d54d02

  • SHA1

    bd304209769760007561e04e02e6ecb44e71452a

  • SHA256

    1dcdd774bd6697a638a448f6bb2c55303ae34a2d598d5fc7992b68834a9a4e7c

  • SHA512

    6bfd0c3214362a5648191c6975337eecf7c090007f25ea8d23ae94d670eab8e4c6d7bcd194f5daf6e79e3cb786dfa646861eb29d97b3c8d120418a8079d14c96

  • SSDEEP

    3072:4fITHFC3s4CwMJF4l73qRjifeBlnzXclzxaWUmuHE1D5PADin5vO:MYlC+GZqR1PcBxaWzuk1D5PAD8g

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2