Extracted

• • Target

    db973c62fe30bda177b80b5c41b15240_JaffaCakes118

  • Size

    59KB

  • MD5

    db973c62fe30bda177b80b5c41b15240

  • SHA1

    9204b1ed600482d5f4b6d7773ae87c2adc89a692

  • SHA256

    d1fcd376c602850b9fdff7903a1d2dd8e73439f5a6ec355a7bc3559e89b34148

  • SHA512

    2823e35cd369de30bbcded8067398b8f26cf452dfb4c15af93b80ce1a0c40d89f74d12d2e3f0174630ddbf9cc2fcc3fe13a543a1dafc79be9f1709d2e60fb101

  • SSDEEP

    1536:LoI4vTx/yBclR9xck92zm1LYlOcvZUZ7X:8IA/+clR4kEzZI6UxX

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2