Extracted

• • Target

    ad57c11e2e247bd1da2d347d75c4437c_JaffaCakes118

  • Size

    92KB

  • MD5

    ad57c11e2e247bd1da2d347d75c4437c

  • SHA1

    d8bed8aa9fb06e1122a6d867de5bb663639af0c2

  • SHA256

    e4252b8b4d079f826c804ca1367fd36c59347ca8be6f8acdb3e3d8f63edd7d75

  • SHA512

    9a74e320f46717fb8a621beb86e47589871ad70210e6f8ecd6f0f40e7af056dc9ebe24e30df5338ff06309f93356b59f4e3c7efffafcd4766787dcbe2cddc274

  • SSDEEP

    1536:VSquE20GQkzvdyF7+lpDbaQ6x+HPG5Hww108pIUvsgwzMG3RCk8NswK2k:ykMHa90HPG5Fjv4zfiC2k

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2