Extracted

• • Target

    dedc00845dddbde3f78ee1e016148c22_JaffaCakes118

  • Size

    49KB

  • MD5

    dedc00845dddbde3f78ee1e016148c22

  • SHA1

    05f6cd958f9c911cd0bd606236c736bd4bcf008a

  • SHA256

    22f92d3308d40afdd631a400692cf05eea175ec55c54bab447cd3f0156dc517d

  • SHA512

    ba71db2883402a42a000d5f3acc8f36c21918388eb6d55803f35cce010283c0ab415e0f112c5133b1e57379120cf4a2749fecbbf86476e9de83ba0e092a5891d

  • SSDEEP

    768:ZI46p1Y4tVLY5BI3GF4RNs3o/jhQbfZI7BOJte0EaB7ThJgtEeW:ZIXy0YXI3G9AGbfeBO7e0E2T6EeW

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2