Extracted

• • Target

    ab6b687ab3e7d9bb9b42b6b2ac1d6a6f_JaffaCakes118

  • Size

    61KB

  • MD5

    ab6b687ab3e7d9bb9b42b6b2ac1d6a6f

  • SHA1

    0eaad7dc12c0b3b57a0ae5536bc61aaddc290d55

  • SHA256

    8384b554cad0b47e226e12aafb7e6f3e5ce79c0efaa7b285d5abfc42f86f3ffa

  • SHA512

    08f3c7e48fad3caeafd41a98ccfa9ffb46e4c1695f2f914bec9ce58da30090b16d46d63ff7838538c9a2de8cfc95ab58a2b806a21d3364eba1d5fb1bdf0e8547

  • SSDEEP

    768:qGYme+TRdyGiIjJot9plP5MdxU/99acjCouPotoEr5ZI5w0PzQEgr0+yicozN3pJ:qme+TsI8lBYa/99hjaotp5ZmNrAySNZ

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2