Extracted

• • Target

    a93bf7442990dfff456bc9b540fc29cf_JaffaCakes118

  • Size

    196KB

  • MD5

    a93bf7442990dfff456bc9b540fc29cf

  • SHA1

    796852ade6c5075b63c93161fe50fffb27836b3f

  • SHA256

    f0d2b0ae2663c209987c1a9505f21a95ea0ec04cceb2263d096457c032ad06b3

  • SHA512

    ac7bb2484018ca2f425cc0cc7be7ebfb28281db6602219964420563575cb625783b89d01e5a8903e0450b67e46f0bee8dca8227811b2f68635e91cb547f78f88

  • SSDEEP

    3072:RRcaswQhbflE9p6R/1blUmhOFR1chkE7zpLX+jXcjtp:zcHjbflE9pg1bumsXwzpOX6

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2