Extracted

• • Target

    dfecfa3e88b9541384a5d919dcb3d539_JaffaCakes118

  • Size

    60KB

  • MD5

    dfecfa3e88b9541384a5d919dcb3d539

  • SHA1

    5106d3862b3f7e8df6add88b719747f124baa371

  • SHA256

    6993988e14278f36ad05eec9a453e78c94260eb910adaa200cba43fcfcfc0e32

  • SHA512

    8c5b121622d2ead554bcebd67e64c4b586038293ccaab77e7fd4c6011675f88973cb39d992a43ab64f0b2e3d2c0f25d7e556f3d654c010b116bc6e85b1f26006

  • SSDEEP

    768:DM10KgECyVWFXlk87QK7LPjMvl/SSd6bZUTbaAvh03/sKDz/BdPR4q:Dk0REVilkkQK/r6UWTba5BdZ

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2