Extracted

• • Target

    d9f02d16d6198b051b020a3d090d8ba3_JaffaCakes118

  • Size

    171KB

  • MD5

    d9f02d16d6198b051b020a3d090d8ba3

  • SHA1

    e60553d707eb37624a9bb4aef8995dec5f7c4269

  • SHA256

    e7248f8b942e37736ec97e1bae9f8f9e13c76aad033e99d8913248a5928bfa50

  • SHA512

    7a6aab643dc176b14e55fcd356bcab6628f90fae161959e6fe5f8daeb43a269a372011929c8537b81e6effb8c6c674644aff690ec070413eaa690be673b7ecb7

  • SSDEEP

    3072:x5jZJbLKVqgmv7EVnejuqLc3CZfrKUHrXrpYnvsDhrPptSBhm77Xnei3LMAQ0:v7SVrmgVned4CkSb5rBtkhm77Xz9L

  Score

  10^/10

  metasploitmodiloaderbackdoordiscoverytrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • ModiLoader, DBatLoader

    ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    trojanmodiloader

  • Modiloader family

    modiloader

  • ModiLoader Second Stage

  • Suspicious use of SetThreadContext

  behavioral1behavioral2