Extracted

• • Target

    c1ba2017a3573247e5f9c75143197c69_JaffaCakes118

  • Size

    82KB

  • MD5

    c1ba2017a3573247e5f9c75143197c69

  • SHA1

    8034f695d905ec481f102bc3a67061c1e0518126

  • SHA256

    01bb6b8fba16d479799e31d182039e76b2959c2ca16094a88e0226bbb846c4f3

  • SHA512

    12375bd99def66ed4667e72a29680377a0f230e9ebfaa98dd95d8b3a4063392cd54da53054a45187de1264efb97a27db5632bb5720530aef22f4de9ec5a3cc2e

  • SSDEEP

    1536:ALRUv3hbVo98GadfTGVl0o5IE7fQj7IMW1f/3Fy:yRUv3hbVo6dyVlL77fWIMWpV

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2