Extracted

• • Target

    d6089f7f1e8b4304ad08261fb29bd079_JaffaCakes118

  • Size

    84KB

  • MD5

    d6089f7f1e8b4304ad08261fb29bd079

  • SHA1

    303c6fc8f1dbf68f1fd51da35b46537fd4cd01cf

  • SHA256

    b76e9f94e72fdc6b6b15484364f8ea4706ba3afa4bc168d5180e3145ccee8392

  • SHA512

    2a6408ded38d2b9963435ac94af03f4180f292d03ab8970fbb872e7082ed35ab5bd2d3bbbd75c50423d63297798240774e26f130351982a654e23cfc08867266

  • SSDEEP

    1536:2fh191xvfaBJbFsTcyp3QCUwljFf+NDHA:qn1xvfaGIyp3jtl+A

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojanupx

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2