Extracted

• • Target

    a17f41dbd32a7380206a9f42e6324bba_JaffaCakes118

  • Size

    61KB

  • MD5

    a17f41dbd32a7380206a9f42e6324bba

  • SHA1

    eaa846ac22f2938b2998ae03c0b75e3d90040112

  • SHA256

    df91a12d1b46b1d8e4c33f9b5598f8a61d685a91c914d553c1eec3bb8729da22

  • SHA512

    3126a440e796955fd2fd15edd90b8bd64ccbfc8fc69059fb5e968b6c38fec4e2bc2f169caf795bdef746609848823b74c8256ab07aa646d9a2c385d401b37708

  • SSDEEP

    1536:lNRP16T8h/Fl42A4oex3dJBSjbq1wua/PFG:hvTlAodJBSjbqral

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2