Extracted

• • Target

    9c32c5bec9997eb182fd3a416d2c8e7b_JaffaCakes118

  • Size

    73KB

  • MD5

    9c32c5bec9997eb182fd3a416d2c8e7b

  • SHA1

    d88dca096c3cb4921f39375eb105cf3c58890b44

  • SHA256

    d2d79138ff59a20c394732becf2e52eddbd22046a9effe2451b2baeb9a184408

  • SHA512

    034c9db8a4075ec12d330178e3c5791345f10123ed12bf2341b4c4ab6769ec8988923df99fbe0c1ddfdc2602d88440fe78b1bb93caeb0c0ca8935b7869ace9e4

  • SSDEEP

    1536:AKSaZ6KzsiT5piltFh1ZItEQXCAVTDgg0e4i9CYk1I6:fSc6KzVi71ZItgAng51mKI6

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2