Extracted

• • Target

    ce69fa6d6f3c163026e5f1d6d4297f59_JaffaCakes118

  • Size

    119KB

  • MD5

    ce69fa6d6f3c163026e5f1d6d4297f59

  • SHA1

    b58357e71d5535ad2969691393ed123550c44647

  • SHA256

    3bc1950de2029e1e228db476e2d6d7d6b4b85ef9cc0d3a856be2f0eeb71c79dc

  • SHA512

    2c393bb708f80ccedb11f65b9b814334e51fd5e67896bd9f88d8552d2d52ea33ae0a8e84e3262748d0770804d5da694da462879f075fc0512c37226b19c791cb

  • SSDEEP

    3072:eYEoOF8fScyj9f6UgIDzgKMIJ6uOZ2xytZUo:FER0Sv9SUgagKMEb7CD

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2