Extracted

• • Target

    b77ba02c4741d2835e41ce25dca26616_JaffaCakes118

  • Size

    53KB

  • MD5

    b77ba02c4741d2835e41ce25dca26616

  • SHA1

    18c3b5cfd7c28f4fe218cb1ae2d60df8624742b1

  • SHA256

    4e3f443a577a4df8be7b0fe4abe0c82128a966189c796183328ca134f5cb6a88

  • SHA512

    b3d13ee2850274b6e58142b0a0d20817a6bbdc7db65e14f08b49b35bbc7d85d398c75cde43108c2a6b5e556c9aa0c9dc9176ac1ec49083794185bb04f7a39669

  • SSDEEP

    768:xfKVW8WBsy79FXli6kmJVV44lp+cCm1WmPoYX4YNFyzlTFpQC:YVRWBDflL/VV44lp+mwY4YPyB

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2