Extracted

• • Target

    e3e0b74e2d14e388480dc26de90117d2_JaffaCakes118

  • Size

    207KB

  • MD5

    e3e0b74e2d14e388480dc26de90117d2

  • SHA1

    b35ce09320299f313b1ebc4ca6cf95096b56257a

  • SHA256

    820bd5e982f5c5aa89eb8a03df81d4e51025bb4a709cef479e53b4354d4fecb7

  • SHA512

    42a45529b84afe6ddf22cf95af3518f478699e653745e862e30456a9d24e899a84b7445e813e2f1746a8f52fc224233b89ad628f45518d05de8e6a81bbed1039

  • SSDEEP

    3072:ywvmIgMRQG6pO0TVAwMomXdKDf7vT4CiZ2kx:yGC+AWFN8vT41Z2k

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Executes dropped EXE

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2