Extracted

• • Target

    c9d1fae8802ceff4bfb191d13bd4c0b7_JaffaCakes118

  • Size

    73KB

  • MD5

    c9d1fae8802ceff4bfb191d13bd4c0b7

  • SHA1

    89e416b79054216ceb8305849598ab0a6be82496

  • SHA256

    e65067b769b148f79fc38c73f863bbef91e5b8749962481327229d255dcec602

  • SHA512

    b0871e6a8d12f2fe089f1c15ee36844c99fc85030dcd36ccea859a313ba9bdb7f5287ac542b1a2c6a3c6ce9439ad4d07ff7509526e2f8b9f1a7d431979609c8c

  • SSDEEP

    1536:1D0SVxpsIuP7b6O4qCiF4H2XABChWUYW4LI8/3Wi+tmCYCeO:ZsV7b6ODTF4WQB8WU7KIji+iCj

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2