Extracted

• • Target

    b35f2b6853880e6fb097eefe2457575c_JaffaCakes118

  • Size

    87KB

  • MD5

    b35f2b6853880e6fb097eefe2457575c

  • SHA1

    51ee1abd475562ac69f9df3284db675820a97694

  • SHA256

    304571493d4de229a3298d9a01b454db551d192b58add08d39364b8f1136f9ca

  • SHA512

    a78347bb6b9782cf75305a58d5683805e9031faf1c0dca29b1be118bce0b1cae9c35d9b4c2ae428a8fed2f847f8ef81727954cc3ca51344086b0b27563218127

  • SSDEEP

    1536:kz/V4yoJ06KhQsTPNnA+c5DHax7zJhfAS2KFDdqQDpotGYidetai+:0/V2GTAv5DHax3J9IK14CYidEf+

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2