Extracted

• • Target

    f106d5a79c89b4851c95b1b195a03d49_JaffaCakes118

  • Size

    115KB

  • MD5

    f106d5a79c89b4851c95b1b195a03d49

  • SHA1

    f5cfebd0aeba41e789b3e6882b06d7997555bf33

  • SHA256

    fab5bdaf13d1f5b316abe24f9db7e56c5c710d9363d42d4821809d9e23f2de09

  • SHA512

    89f9f159c50cb44583741b2152fa7c2862b2dbae9d0b43a13ba725fe278faf54eb557ff770087d6db4fab41305e41131b6e727993a5cb107619d5f4f97393bf8

  • SSDEEP

    3072:df8wNOO5/bHoUYmxF44UkbZEvoAA6VbgA1bM6z9hD:dn5dn4rkWgZ6Vh146TD

  Score

  10^/10

  metasploitbackdoordiscoveryevasiontrojan

  • MetaSploit

    Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    trojanbackdoormetasploit

  • Metasploit family

    metasploit

  • Modifies firewall policy service

    evasion

  • Windows security bypass

    evasiontrojan

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Drops file in System32 directory

  behavioral1behavioral2