Extracted

• • Target

    d90a33ac1d1845428baec0765efe1796_JaffaCakes118

  • Size

    484KB

  • MD5

    d90a33ac1d1845428baec0765efe1796

  • SHA1

    41d4d07095aee2ffe20497a4d1621f764a33ee73

  • SHA256

    ad4cc7d0639d95613f2c3a7b26c644e4bcbd5c4d9325a1dd48b7280124923a7a

  • SHA512

    f98d8ce2efa86f41e6eec39cae9f95064f5e154cc03543960236f77407146e0e35470cdbf9e4bd503fd8ca8ededb4468ee3b06eeeed858e846d96dd0cc3c0d2a

  • SSDEEP

    12288:YRQmDsgDPIAnsJ8Q19/vA80Tk+Lf2hgQmUQj3MFgb0ZCznzMs14AEoeli:yk+Lf27mUJFBunzz4AEoe

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies security service

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • Network Share Discovery

    Attempt to gather information on host network.

    discovery

  • Drops file in System32 directory

  • Suspicious use of SetThreadContext

  behavioral1behavioral2