Extracted

• • Target

    ecbe94d573bec61c528beb5081e43e39_JaffaCakes118

  • Size

    108KB

  • MD5

    ecbe94d573bec61c528beb5081e43e39

  • SHA1

    8ce780ceefcfbed82941cfb7f1e6ded9c0247cf1

  • SHA256

    09ae91cd2d8ea34e2f84b23a1cc296cee711b1455bf1d33a1796a9772ec95581

  • SHA512

    f8a21845585ef66efc6ae6d4069d42447c82ac5643fa168ed73bb07a12d272355fc9a6c903124b5369e8b8c502c706a0aa69a8aec99b3ebbe69c8dcc5bcfab03

  • SSDEEP

    3072:kVb/0N7TsA7aoSXikwiGcqRZapY5x518CToTNHlmI7K:D18CAH

  Score

  10^/10

  metasploitbackdoordiscoverypersistencetrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Adds policy Run key to start application

    persistence

  • Drops file in Drivers directory

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Maps connected drives based on registry

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2